An SBOM Tool to Manage and Share Data Across the Organization.

Aggregate SBOMs and Instantly Comply with Executive Order 14028.

SBOM Tool for Sharing and Managing SBOM Results

SBOM tools are used to generate Software Bill of Materials (SBOM) reports when software builds are executed. But generating the SBOM is only the first step. There is little point in generating an SBOM if the results are not analyzed and made actionable. For this reason, DeployHub’s SBOM tool is laser-focused on using the Software Bill of Materials report to continuously surveil open-source packages running across all system assets, including production, for newly discovered vulnerabilities, long after the software build step has completed.

DeployHub Pro is a continuous security intelligence watch center that consumes SBOMs and uses the data to continuously report on vulnerabilities. DeployHub’s superpower is its ability to aggregate SBOM and DevOps intelligence to provide complete security reports for all ‘logical’ applications in a decoupled architecture.

SBOM sharing

Key Concept

SBOM management is the process of consuming and sharing SBOMs. 

Aggregate SBOMs for Decoupled Applications

DeployHub’s SBOM tool unifies SBOM data and continuously aggregates and shares the information to the critical level, the ‘logical Application.’ DeployHub Pro provides the insights needed to harden the security of end-user software by providing key insights into what is being delivered. DeployHub Pro’s Watch Center provides a view into each Component version’s SBOM and rolls that information up to create a ‘logical’ application version SBOM, supporting decoupled architectures.

Respond to Executive Order 14028 With a Single Click

Executive Order 14028 requires that a Software Bill of Materials (SBOM) be provided for any software used by the federal government. DeployHub Pro’s Security Intelligence includes a central evidence room of SBOMs. By continuously aggregating SBOM data, you maintain visibility into your ecosystem of open-source, third-party, and internal components, overcoming the challenge of dependency management in modern microservice architectures. With DeployHub Pro’s SBOM management, you can comply with Executive Order 14028 for every logical application release, with a single click.

Integrate Into the DevOps Pipeline

DeployHub’s SBOM tool integrates into your Continuous Delivery pipeline to monitor independently deployed component updates and capture new SBOM and CVE intelligence. 

DeployHub’s integration into your DevOps pipeline can add SBOM generation to the process if you are not already creating SBOMs. Adding SBOM generation to your pipeline is a critical step in understanding what open-source software your solutions depend upon. It is also required to know your vulnerabilities and exposures. At this point, skipping SBOM generation is simply not an option. To respond quickly to new vulnerabilities, you must know what you consume.

DeployHub’s SBOM Management Tool

At the most basic level, SBOM data is needed to continuously determine your software’s common vulnerabilities and exposures (CVEs). In addition, SBOMs provide licensing and provenance information critical to deciding what open-source packages should be included or excluded from your internal supply chain. Using an SBOM tool to manage your SBOM data is a critical level of defense from supply chain attacks.

DeployHub Pro’s SBOM tool acts upon and consolidates your SBOM insights and DevOps intelligence. It continuously gathers and centralizes security forensics exposing the risk from hidden packages consumed as dependencies across the supply chain in decoupled architectures. 

When DeployHub Pro analyzes your SBOM data, you can easily define zero-trust policies. With a single click, you can aggregate component-level SBOMs to create a logical application SBOM, critical for teams working in a decoupled architecture that need to provide application-level SBOM reports in government and other highly regulated industries.

SBOM Tool Reports

DeployHub Pro’s aggregated SBOM reports provide normalized, detailed information about each component a logical application uses. At a minimum, for each component, the aggregated report includes:

  • Component’s name
  • Supplier name
  • Version
  • Author of the SBOM data
  • Other unique identifiers
  • Open-source dependencies
  • CVEs
  • Timestamp

Using the platform, it is easy to provide logical application SBOMs, even in complex, decoupled architectures where hundreds of components define a single solution delivered to end users.
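The aggregation described above, with the report fields listed, can be shown in code. The example below is added here for illustration and is not DeployHub or Ortelius code; it assumes a simplified CycloneDX-like JSON shape for the component-level SBOMs (constructed sample data, placeholder CVE ids) and merges them into one normalized logical-application SBOM, deduplicating packages by identifier and recording which components consume each package so that a newly published CVE can be traced back to the components that ship it.

```python
"""Aggregate component-level SBOMs into a logical application SBOM.

Illustrative example only: the input shape is a simplified CycloneDX-like
document assumed for this example, not the DeployHub/Ortelius schema.
"""
import json
from typing import Any

# Constructed sample input: two component SBOMs that share one package.
# CVE ids are placeholders, not real vulnerabilities.
COMPONENT_SBOMS = [
    {
        "metadata": {
            "timestamp": "2024-01-10T12:00:00Z",
            "tools": [{"name": "example-sbom-generator"}],
            "component": {"name": "checkout-service", "version": "2.3.1",
                          "supplier": {"name": "Example Corp"}},
        },
        "components": [
            {"name": "libssl-lite", "version": "1.0.4", "supplier": {"name": "Example OSS"},
             "purl": "pkg:generic/libssl-lite@1.0.4", "licenses": ["Apache-2.0"]},
            {"name": "jsonparse", "version": "3.2.0", "supplier": {"name": "Example OSS"},
             "purl": "pkg:generic/jsonparse@3.2.0", "licenses": ["MIT"]},
        ],
        "vulnerabilities": [
            {"id": "CVE-0000-0001", "affects": [{"ref": "pkg:generic/libssl-lite@1.0.4"}]},
        ],
    },
    {
        "metadata": {
            "timestamp": "2024-01-12T08:30:00Z",
            "tools": [{"name": "example-sbom-generator"}],
            "component": {"name": "inventory-service", "version": "5.0.0",
                          "supplier": {"name": "Example Corp"}},
        },
        "components": [
            {"name": "libssl-lite", "version": "1.0.4", "supplier": {"name": "Example OSS"},
             "purl": "pkg:generic/libssl-lite@1.0.4", "licenses": ["Apache-2.0"]},
            {"name": "cache-client", "version": "0.9.1", "supplier": {"name": "Example OSS"},
             "purl": "pkg:generic/cache-client@0.9.1", "licenses": ["BSD-3-Clause"]},
        ],
        "vulnerabilities": [
            {"id": "CVE-0000-0001", "affects": [{"ref": "pkg:generic/libssl-lite@1.0.4"}]},
            {"id": "CVE-0000-0002", "affects": [{"ref": "pkg:generic/cache-client@0.9.1"}]},
        ],
    },
]


def _cves_by_ref(sbom: dict[str, Any]) -> dict[str, set[str]]:
    """Index the SBOM's vulnerability entries by the package reference they affect."""
    index: dict[str, set[str]] = {}
    for vuln in sbom.get("vulnerabilities", []):
        for target in vuln.get("affects", []):
            index.setdefault(target["ref"], set()).add(vuln["id"])
    return index


def normalize(sbom: dict[str, Any]) -> list[dict[str, Any]]:
    """Flatten one component SBOM into records with the report fields listed
    on the page (name, supplier, version, SBOM author, unique identifier,
    CVEs, timestamp) plus the owning component for traceability."""
    meta = sbom["metadata"]
    owner = f'{meta["component"]["name"]}@{meta["component"]["version"]}'
    author = ", ".join(t["name"] for t in meta.get("tools", [])) or "unknown"
    cves = _cves_by_ref(sbom)
    records = []
    for pkg in sbom.get("components", []):
        ident = pkg.get("purl") or f'{pkg["name"]}@{pkg["version"]}'
        records.append({
            "name": pkg["name"],
            "supplier": pkg.get("supplier", {}).get("name", "unknown"),
            "version": pkg["version"],
            "author": author,
            "identifier": ident,
            "licenses": list(pkg.get("licenses", [])),
            "cves": sorted(cves.get(ident, set())),
            "timestamp": meta["timestamp"],
            "consumed_by": [owner],
        })
    return records


def aggregate(app_name: str, app_version: str, sboms: list[dict[str, Any]]) -> dict[str, Any]:
    """Merge component SBOMs into one logical application SBOM: packages are
    deduplicated by identifier, CVE lists and consuming components are unioned,
    and the newest scan timestamp is kept."""
    merged: dict[str, dict[str, Any]] = {}
    for sbom in sboms:
        for rec in normalize(sbom):
            existing = merged.get(rec["identifier"])
            if existing is None:
                merged[rec["identifier"]] = rec
                continue
            existing["cves"] = sorted(set(existing["cves"]) | set(rec["cves"]))
            existing["consumed_by"] = sorted(set(existing["consumed_by"]) | set(rec["consumed_by"]))
            existing["timestamp"] = max(existing["timestamp"], rec["timestamp"])  # same ISO format
    return {"application": {"name": app_name, "version": app_version},
            "components": [merged[k] for k in sorted(merged)]}


def blast_radius(app_sbom: dict[str, Any], cve_id: str) -> list[str]:
    """Return the application components that ship a package affected by cve_id,
    the question to answer when a CVE is published after the build completed."""
    hit: set[str] = set()
    for pkg in app_sbom["components"]:
        if cve_id in pkg["cves"]:
            hit.update(pkg["consumed_by"])
    return sorted(hit)


if __name__ == "__main__":
    app = aggregate("storefront", "2024.01", COMPONENT_SBOMS)
    print(json.dumps(app, indent=2))
    print("CVE-0000-0001 affects:", blast_radius(app, "CVE-0000-0001"))
```

The `consumed_by` list is the piece that makes the aggregated report actionable: a component-level SBOM alone says a package is present, while the merged view says which independently deployed components of the logical application carry it, which is what an operations team needs when deciding what to redeploy.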

A ‘normalized’ Application SBOM in a decoupled architecture.

SBOM Basics – What you Need to Know

SBOMs: an Ultimate Guide

Learn more about SBOMs, their types, and usage. This article provides you with the basics of SBOMs and their types.

Application SBOMs and Decoupled Architecture

Federating Decoupled SBOMs

In a decoupled architecture, an Application-Level Software Bill of Materials (SBOM) report is typically unavailable. Discover how DeployHub Pro addresses this challenge.

Take A Tour

See Continuous Vulnerability Management In Action

Explore Ortelius open-source. Sign up for Ortelius SaaS and experience vulnerability management in action with a quick, hands-on overview. DeployHub Pro is based on Ortelius OS. Ortelius is incubating at the Continuous Delivery Foundation.