Find trustworthy SBOMs to secure your software supply chain
SBOMs for thousands of popular open-source images are available
Secure Your Software Supply Chain With Public SBOMs
The Colonial Pipeline ransomware attack of May 7, 2021, and the surge in software supply chain attacks that preceded it, prompted the White House to issue Executive Order 14028 on Improving the Nation’s Cybersecurity on May 12, 2021. Among its measures, software suppliers to the federal government must provide purchasers “an SBOM for each product directly or by publishing it on a public website”. RKVST SBOM Hub is such a public website.
An SBOM (Software Bill of Materials) is a nested inventory of the components that make up a piece of software: a list of its ingredients, down to the packages each component depends on. SBOMs are produced by many tools, such as the SPDX SBOM Generator or those listed in the CycloneDX Tool Center. Given an SBOM you can trust, meaning one whose origin and integrity you can verify rather than one that merely claims to describe your image, you can feed it to a scanner such as Grype to see which vulnerabilities have been reported against the packages in that image and take appropriate action.
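As an added example (not code from the original page, nor from RKVST or any of the tools named above), here is a small Python parser for a constructed SPDX 2.3 JSON SBOM. It first checks the document's SHA-256 against a digest assumed to have been obtained out of band, then flattens the nested inventory into the package URLs a scanner such as Grype matches against advisories, and keeps the CONTAINS/DEPENDS_ON relationships that make the inventory "nested". The image, package names, versions and digest handling are all assumptions for illustration.

```python
"""Added example: parse a minimal SPDX 2.3 JSON SBOM into the flat package
inventory and the containment tree that a scanner works from, after first
checking the document's digest against one obtained out of band.
The SBOM below is constructed for this example; it is not RKVST SBOM Hub
code or output."""
import hashlib
import hmac
import json

# Constructed SPDX 2.3 document describing a hypothetical image with two packages.
SAMPLE_SPDX = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-image",
    "packages": [
        {"SPDXID": "SPDXRef-image", "name": "example-image", "versionInfo": "1.0"},
        {"SPDXID": "SPDXRef-pkg-openssl", "name": "openssl", "versionInfo": "3.0.8-r0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:apk/alpine/openssl@3.0.8-r0"}]},
        {"SPDXID": "SPDXRef-pkg-zlib", "name": "zlib", "versionInfo": "1.2.13-r0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:apk/alpine/zlib@1.2.13-r0"}]},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relatedSpdxElement": "SPDXRef-image",
         "relationshipType": "DESCRIBES"},
        {"spdxElementId": "SPDXRef-image", "relatedSpdxElement": "SPDXRef-pkg-openssl",
         "relationshipType": "CONTAINS"},
        {"spdxElementId": "SPDXRef-pkg-openssl", "relatedSpdxElement": "SPDXRef-pkg-zlib",
         "relationshipType": "DEPENDS_ON"},
    ],
}, indent=2)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_digest(sbom_bytes: bytes, expected_sha256: str) -> bool:
    """True only if the SBOM bytes hash to the digest obtained separately
    (e.g. published beside the SBOM, or carried in a signed statement).
    Constant-time comparison so the check itself leaks nothing."""
    return hmac.compare_digest(sha256_hex(sbom_bytes), expected_sha256.lower())


def load_spdx(sbom_text: str) -> dict:
    """Parse the JSON and refuse anything that is not an SPDX 2.x document."""
    doc = json.loads(sbom_text)
    version = str(doc.get("spdxVersion", ""))
    if not version.startswith("SPDX-2."):
        raise ValueError("unsupported spdxVersion: %r" % version)
    return doc


def inventory(doc: dict) -> dict:
    """Flat inventory keyed by SPDXID: name, version and purl (None if absent)."""
    out = {}
    for pkg in doc.get("packages", []):
        purl = next((ref["referenceLocator"] for ref in pkg.get("externalRefs", [])
                     if ref.get("referenceType") == "purl"), None)
        out[pkg["SPDXID"]] = {"name": pkg["name"],
                              "version": pkg.get("versionInfo", "NOASSERTION"),
                              "purl": purl}
    return out


def nesting(doc: dict) -> dict:
    """Parent -> children edges from CONTAINS/DEPENDS_ON: the 'nested' part."""
    tree = {}
    for rel in doc.get("relationships", []):
        if rel.get("relationshipType") in ("CONTAINS", "DEPENDS_ON"):
            tree.setdefault(rel["spdxElementId"], []).append(rel["relatedSpdxElement"])
    return tree


def purls(doc: dict) -> list:
    """Sorted package URLs: the identifiers a scanner matches against advisories."""
    return sorted(p["purl"] for p in inventory(doc).values() if p["purl"])


if __name__ == "__main__":
    data = SAMPLE_SPDX.encode()
    # In practice the expected digest comes from the publisher, never from the file itself;
    # hashing the file here only demonstrates the comparison.
    print("digest ok:", verify_digest(data, sha256_hex(data)))
    doc = load_spdx(SAMPLE_SPDX)
    for parent, children in nesting(doc).items():
        print(parent, "->", ", ".join(children))
    print("\n".join(purls(doc)))
```

The digest check is what makes "an SBOM you can trust" concrete: without a digest or signature obtained from somewhere other than the file itself, the SBOM is only a claim about the image, and a scanner will happily report clean results for packages that were never actually in it.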
Easily find trustworthy SBOMs for many popular images found on Docker Hub and other open-source repositories on RKVST™ SBOM Hub today.
RKVST SBOM Hub is the easy way to find SBOMs that comply with the Executive Order.