Authors: Sophie Wigmore, Frankie Gallina-Jones
2022-10-28

tldr - powered by Generative AI

The importance of generating Software Bills of Materials (S-BOMs) for containerized applications, and the need for multiple snapshots throughout development to detect potential tampering, new versions, or changes in dependencies.
  • S-BOMs for containerized applications can detect unexpected changes in the contents of a software application, which can indicate potential tampering, new versions, or changes in dependencies.
  • Generating an S-BOM creates a snapshot of the components of a container at a specific point in the development process.
  • Multiple snapshots throughout development are necessary to detect any changes that may introduce new risks.
  • S-BOMs should be stored alongside the image they were generated for and published to a registry.
  • The question of when to generate S-BOMs is important to consider, as the timing affects whether potential risks are detected.