The DevOps, IT security and IT governance communities will remember 2021 as the year when the Software Bill of Materials , or SBOM, graduated from a “nice to have” to a “must have.” Around for years, the SBOM has now become a critical DevSecOps piece, which everyone must thoroughly understand and incorporate into their SDLC (Software Development Lifecycle).

The Biden administration recently passed an Executive Order in the wake of another string of costly and embarrassing cyber attacks. Executive Order 14028 Improving the Nation’s Cybersecurity includes many new initiatives designed to share cybersecurity intelligence, modernize federal infrastructure, and improve the traceability and integrity of applications that store and process vital information. The last provision, laid out in Sec.

Many people will have heard of the SPDX project through the work on the SPDX License List. This list of canonical identifiers for various software licenses is used in a huge range of developer-focused software, from Snyk to GitHub. But the SPDX project, which is part of the Linux Foundation, has a much broader focus on providing an open standard for communicating software bill of material information.