In an effort to help developers meet new governmental regulations for protecting the software supply chain, WhiteSource released WhiteSource SBOM, a new tool that creates a software bill of materials (SBOM) and provides a path to remediation when vulnerabilities are identified.
The software supply chain has come under increasing scrutiny since the SolarWinds compromise disclosed in December 2020, in which a trojanized update of the Orion platform was distributed to as many as 18,000 customers, among them U.S. government agencies. In response, the White House issued Executive Order 14028 in May 2021, which aims to improve the nation's cybersecurity and to protect federal agencies and critical infrastructure from software supply chain attacks.
A key part of those efforts is the requirement that vendors provide an SBOM for software sold to the federal government: a formal, machine-readable inventory of the components and libraries that make up a piece of software, recording each component's identity and version together with the dependency (parent-child) relationships between them, so that a consumer can see exactly what went into a build and trace how each component got there.
WhiteSource SBOM identifies the open source libraries in a project, tracks and documents each component, and regenerates the inventory automatically as dependencies change. According to the company, that inspection makes it possible to spot unintended or malicious content being pulled in during application builds. When a vulnerability is identified, the tool proposes a remediation path that is meant to ensure the update will not break the build.
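To make the two preceding paragraphs concrete, here is a small Python script, written for this page as an added illustration and not WhiteSource's code or output, that reads an SBOM in the CycloneDX JSON format (one of the two machine-readable formats in common use, the other being SPDX), checks that every package named in the dependency graph is actually declared in the inventory, and then walks the graph from the application down to a flagged component so you can see which direct dependency pulled it in and would have to be bumped or replaced. The document is constructed for the example: the package names are real PyPI projects, but the versions, the graph, and the choice of urllib3 as the "flagged" component are arbitrary and assert nothing about those releases. The field names used (bomFormat, metadata.component, components[].bom-ref, dependencies[].ref and dependsOn) are the real CycloneDX 1.4 ones.

```python
"""Walk a CycloneDX SBOM: inventory completeness check plus the path to a flagged component."""
import json
from collections import defaultdict

# Constructed CycloneDX 1.4 document for this example (not a real project's BOM).
# bom-refs are the component purls; the application itself is metadata.component.
# The graph deliberately names one package (charset-normalizer) that is never
# declared under "components", to exercise the completeness check below.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "metadata": {"component": {"type": "application", "name": "webshop", "version": "2.3.0",
                               "bom-ref": "pkg:generic/webshop@2.3.0"}},
    "components": [
        {"type": "library", "name": "flask", "version": "2.0.1",
         "purl": "pkg:pypi/flask@2.0.1", "bom-ref": "pkg:pypi/flask@2.0.1"},
        {"type": "library", "name": "werkzeug", "version": "2.0.1",
         "purl": "pkg:pypi/werkzeug@2.0.1", "bom-ref": "pkg:pypi/werkzeug@2.0.1"},
        {"type": "library", "name": "requests", "version": "2.25.1",
         "purl": "pkg:pypi/requests@2.25.1", "bom-ref": "pkg:pypi/requests@2.25.1"},
        {"type": "library", "name": "urllib3", "version": "1.26.4",
         "purl": "pkg:pypi/urllib3@1.26.4", "bom-ref": "pkg:pypi/urllib3@1.26.4"},
        {"type": "library", "name": "certifi", "version": "2021.5.30",
         "purl": "pkg:pypi/certifi@2021.5.30", "bom-ref": "pkg:pypi/certifi@2021.5.30"},
    ],
    "dependencies": [
        {"ref": "pkg:generic/webshop@2.3.0",
         "dependsOn": ["pkg:pypi/flask@2.0.1", "pkg:pypi/requests@2.25.1"]},
        {"ref": "pkg:pypi/flask@2.0.1", "dependsOn": ["pkg:pypi/werkzeug@2.0.1"]},
        {"ref": "pkg:pypi/requests@2.25.1",
         "dependsOn": ["pkg:pypi/urllib3@1.26.4", "pkg:pypi/certifi@2021.5.30",
                       "pkg:pypi/charset-normalizer@2.0.0"]},
        {"ref": "pkg:pypi/werkzeug@2.0.1", "dependsOn": []},
        {"ref": "pkg:pypi/urllib3@1.26.4", "dependsOn": []},
        {"ref": "pkg:pypi/certifi@2021.5.30", "dependsOn": []},
    ],
})


def load_graph(sbom_text):
    """Return (root_ref, labels, edges) from a CycloneDX JSON document.

    labels maps bom-ref -> 'name@version'; edges maps bom-ref -> list of bom-refs it depends on.
    """
    bom = json.loads(sbom_text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    root = bom["metadata"]["component"]
    labels = {root["bom-ref"]: f'{root["name"]}@{root["version"]}'}
    for comp in bom.get("components", []):
        labels[comp["bom-ref"]] = f'{comp["name"]}@{comp["version"]}'
    edges = defaultdict(list)
    for dep in bom.get("dependencies", []):
        edges[dep["ref"]].extend(dep.get("dependsOn", []))
    return root["bom-ref"], labels, dict(edges)


def dangling_refs(labels, edges):
    """bom-refs named in the dependency graph but never declared as components.

    An SBOM containing these is an incomplete inventory: something is in the build that
    the document does not describe, so it should be rejected or regenerated.
    """
    named = set(edges) | {ref for deps in edges.values() for ref in deps}
    return sorted(named - set(labels))


def paths_to(edges, root, target):
    """All dependency paths from root to target (DFS; the path itself guards against cycles)."""
    paths = []

    def walk(node, path):
        if node == target:
            paths.append(path)
            return
        for child in edges.get(node, []):
            if child not in path:
                walk(child, path + [child])

    walk(root, [root])
    return paths


def remediation_candidates(edges, root, target):
    """Direct dependencies of root through which target is reached.

    These are the components whose version bump or replacement would remove the flagged
    transitive dependency; a transitive cannot usually be upgraded on its own.
    """
    return sorted({path[1] for path in paths_to(edges, root, target) if len(path) > 1})


if __name__ == "__main__":
    root, labels, edges = load_graph(SAMPLE_SBOM)
    print("inventory:", ", ".join(sorted(labels.values())))
    print("undeclared refs:", dangling_refs(labels, edges) or "none")
    flagged = "pkg:pypi/urllib3@1.26.4"  # chosen arbitrarily as the scanner's finding
    for path in paths_to(edges, root, flagged):
        print("reached via:", " -> ".join(labels.get(ref, ref) for ref in path))
    print("bump or replace:", remediation_candidates(edges, root, flagged))
```

Run against the constructed document, the completeness check reports `pkg:pypi/charset-normalizer@2.0.0` as undeclared, and the flagged urllib3 is reached only through `webshop -> requests -> urllib3`, so `requests` is the component to update. In practice you would feed this the SBOM emitted by your build or by an SBOM tool, and the `flagged` ref would come from a vulnerability scanner's output rather than be hard-coded.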
“Attacks against the software supply chain increased more than 600 percent in the past year, and in two-thirds of those attacks, cyberattackers used code from suppliers to expand the attack,” said Rami Sass, Co-Founder and CEO of WhiteSource. “Organizations can now leverage WhiteSource SBOM to detect and remediate vulnerabilities, significantly reducing the risk of successful attacks.”