Continuous Security Intelligence Explored.
Understand how Continuous Security Intelligence can simplify the complexities of DevSecOps in decoupled systems.
Aggregate SBOMs and Instantly Comply with Executive Order 14028.
SBOM tools generate Software Bill of Materials reports when software builds are executed. But generating the SBOM is only the first step. There is little point in generating an SBOM if the results are not analyzed and made actionable. For this reason, DeployHub’s SBOM tool is laser-focused on using the Software Bill of Materials report data to continuously monitor software running in production environments for vulnerabilities, long after the software build step has completed.
At the most basic level, SBOM data is needed to continuously determine your software’s common vulnerabilities and exposures (CVEs). In addition, SBOMs provide licensing and provenance information critical to deciding which open-source packages should be included in or excluded from your internal supply chain. Using an SBOM tool to manage your SBOM data is a critical layer of defense against supply chain attacks.
Key Concept
SBOM management tracks Software Bill of Materials reports as they are generated across the DevOps pipeline. Learn more about SBOM management.
DeployHub is a continuous security intelligence watch center that consumes SBOMs and uses the data to continuously report on vulnerabilities. DeployHub’s superpower is its ability to aggregate critical security and DevOps intelligence data for all ‘logical’ applications in a decoupled architecture. Our SBOM tool acts upon and consolidates your supply chain and DevOps intelligence. It continuously gathers and centralizes security forensics, exposing the impact low-level components have across the supply chain in decoupled architectures.
DeployHub’s SBOM tool unifies SBOM data and continuously aggregates and shares the information to the critical level, the ‘logical Application.’ DeployHub provides the insights needed to harden the security of end-user software by providing key insights into what is being delivered. DeployHub’s Watch Center provides a view into each Component version’s SBOM and rolls that information up to create a ‘logical’ application version SBOM, even in decoupled architectures.
Executive Order 14028 requires that a Software Bill of Materials (SBOM) be provided for any software used by the federal government. DeployHub’s Security Intelligence includes a central evidence room of SBOMs. By continuously aggregating SBOM data, you maintain visibility into your ecosystem of open-source, third-party, and internal components, overcoming the challenge of dependency management in modern microservice architectures. With DeployHub’s SBOM management, you can comply with Executive Order 14028 for every logical application release…with a single click.
DeployHub’s SBOM tool integrates into your Continuous Delivery pipeline to monitor independently deployed component updates and capture new SBOM and CVE intelligence.
DeployHub’s integration into your DevOps pipeline can add SBOM generation to the process if you are not already creating SBOMs. Adding SBOM generation to your pipeline is a critical step in understanding what open-source software your solutions depend upon. It is also required to know your vulnerabilities and exposures. At this point, it is simply no longer optional. To respond quickly to new vulnerabilities, you must know what you consume.
With DeployHub’s data, you can easily define zero-trust policies, such as stopping a deployment if an underlying component has known vulnerabilities. With a single click, you can aggregate component-level SBOMs to create a logical application SBOM, critical for teams working in a decoupled architecture that need to provide application-level SBOM reports.
DeployHub’s aggregated SBOM reports provide normalized, detailed information about each component a logical application uses. At a minimum, for each component, the aggregated report includes:
Using the platform, it is easy to provide logical application SBOMs, even in complex, decoupled architectures where hundreds of components define a single solution delivered to end users.
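The roll-up and the zero-trust gate described above, as an added illustration that is not DeployHub’s code: several component-version SBOMs in a CycloneDX-like shape are merged into one logical application SBOM, deduplicated by package URL (purl) while recording which component versions pull each package in, and the result is checked against a vulnerability feed and a license deny list before a deployment is allowed. Every SBOM, package name, purl, license and CVE id here is constructed for the example (the CVE ids are placeholders, not real advisories), and the policy thresholds are assumptions.

```python
import json
from collections import defaultdict
from typing import Dict, Iterable, List

# Constructed component-level SBOMs in a CycloneDX-like shape. All package
# names, versions and purls are made up for this example; none is DeployHub data.
COMPONENT_SBOMS: Dict[str, dict] = {
    "payments-api:1.4.2": {
        "bomFormat": "CycloneDX",
        "components": [
            {"name": "example-logger", "version": "1.2.3",
             "purl": "pkg:npm/example-logger@1.2.3", "licenses": ["MIT"]},
            {"name": "example-http", "version": "4.0.1",
             "purl": "pkg:npm/example-http@4.0.1", "licenses": ["Apache-2.0"]},
        ],
    },
    "checkout-ui:3.0.0": {
        "bomFormat": "CycloneDX",
        "components": [
            {"name": "example-logger", "version": "1.2.3",
             "purl": "pkg:npm/example-logger@1.2.3", "licenses": ["MIT"]},
            {"name": "example-charts", "version": "0.9.0",
             "purl": "pkg:npm/example-charts@0.9.0", "licenses": ["GPL-3.0-only"]},
        ],
    },
}

# Constructed vulnerability feed keyed by purl. The CVE ids are placeholders.
VULN_FEED: Dict[str, List[dict]] = {
    "pkg:npm/example-logger@1.2.3": [{"id": "CVE-0000-0001", "severity": "critical"}],
    "pkg:npm/example-charts@0.9.0": [{"id": "CVE-0000-0002", "severity": "low"}],
}


def aggregate_sboms(app_name: str, component_sboms: Dict[str, dict]) -> dict:
    """Roll component-level SBOMs up into one logical-application SBOM.

    Packages are deduplicated by purl; each entry records which component
    versions pull it in, so a later finding can be traced to the deploy unit.
    """
    rolled: Dict[str, dict] = {}
    found_in = defaultdict(set)
    for component_version, sbom in component_sboms.items():
        for pkg in sbom["components"]:
            purl = pkg["purl"]
            rolled.setdefault(purl, {k: pkg[k] for k in ("name", "version", "purl", "licenses")})
            found_in[purl].add(component_version)
    components = []
    for purl in sorted(rolled):
        entry = dict(rolled[purl])
        entry["foundIn"] = sorted(found_in[purl])
        components.append(entry)
    return {"bomFormat": "CycloneDX", "application": app_name, "components": components}


def evaluate_policy(app_sbom: dict, vuln_feed: Dict[str, List[dict]],
                    block_severities: Iterable[str] = ("critical", "high"),
                    denied_licenses: Iterable[str] = ("GPL-3.0-only",)) -> dict:
    """Zero-trust deployment gate over the aggregated SBOM.

    The release is blocked when any package carries a vulnerability at a
    blocking severity or ships under a license on the deny list (thresholds
    and deny list are assumptions chosen for the example).
    """
    block_severities = set(block_severities)
    denied_licenses = set(denied_licenses)
    findings = []
    for pkg in app_sbom["components"]:
        for vuln in vuln_feed.get(pkg["purl"], []):
            if vuln["severity"] in block_severities:
                findings.append({"purl": pkg["purl"], "foundIn": pkg["foundIn"],
                                 "reason": f"{vuln['id']} ({vuln['severity']})"})
        for lic in pkg["licenses"]:
            if lic in denied_licenses:
                findings.append({"purl": pkg["purl"], "foundIn": pkg["foundIn"],
                                 "reason": f"license {lic} not allowed"})
    return {"allowed": not findings, "findings": findings}


if __name__ == "__main__":
    app = aggregate_sboms("storefront:2024.06", COMPONENT_SBOMS)
    print(json.dumps(app, indent=2))
    verdict = evaluate_policy(app, VULN_FEED)
    print("deploy allowed:", verdict["allowed"])
    for f in verdict["findings"]:
        print(f"  block {f['purl']}: {f['reason']} (pulled in by {', '.join(f['foundIn'])})")
```

The `foundIn` field is what makes the aggregated report actionable in a decoupled architecture: when a new advisory lands for a package, the gate output names the component versions that carry it, so the owning teams can be paged directly rather than the whole application being treated as one opaque unit.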
As a shared DevSecOps tool, DeployHub aggregates SBOMs so you can maintain visibility into your ecosystem of components and comply with Executive Order 14028 with every release…with a single click.