IBM and OWASP announce projects to help secure the software supply chain

No Comments
supply chain

The OWASP Foundation (Open Web Application Security Project) and IBM have today announced IBM’s contribution of two open source projects aimed at increasing trust across open hardware and software supply chains.

The two projects are SBOM Utility and License Scanner, which add to CycloneDX, a flagship OWASP project and a leading Bill of Materials (BOM) standard. These promote validation, content analysis and accuracy of software license information included within BOMs.

The IBM-developed SBOM Utility and License Scanner and will contribute open source technologies to OWASP to help developers enhance their quality of data on the front end and help validate SBOMs to assess risk.

SBOM Utility is designed to be an API platform used primarily to validate CycloneDX or SPDX format BOMs against their published schemas. It can also help validate derivatives created by organizations that want stricter BOM data requirements to be enforced.

License Scanner is designed to scan files for licenses and legal terms. It can be used to help identify text matching licenses and license exceptions from the complete, published SPDX License List. Out-of-the-box it matches against the 3.18 release of the SPDX licenses (a little less than 500) and license exceptions (40+) and comes with an option to import future versions of SPDX licenses.

License Scanner has been developed for integration into IBM Cloud's Continuous Delivery Service's DevOps toolchains and is also used as part of IBM’s legal clearance process for open-source and corporate software before approval for internal use.

"There is still a need for awareness, tooling and guidance to help create software with more security features," says Jamie Thomas, general manager, systems strategy and development at IBM. "IBM has a long history of contributing to a wide variety of open source communities such as the OWASP Foundation. We believe these contributions can help developers assess risk and create more secured applications that can build consumers trust."

Both SBOM Utility and License Scanner are on GitHub.

Image credit: Chan2545/depositphotos.com

No Comments

Comments are closed.

Got News? Contact Us

Recent Headlines

Infostealer malware targeting macOS enters the top 10 threats

83 percent of organizations use AI to generate code despite concerns

Bose launches new QuietComfort Earbuds with enhanced noise cancellation and wireless charging

KeyBudz Covert Mount offers ultimate protection for your Apple AirTag

Aluratek PicStick transforms any TV into a wireless digital photo frame

UK public worried about cyberwarfare

Scratch that! We’re actually no wiser about when Microsoft plans to release the Windows 11 24H2 update

Most Commented Stories

Windows 12.1 is everything Windows 11 should be -- and the Microsoft operating system we need!

38 Comments

10 shocking reasons Windows 10 outshines Windows 11

22 Comments

Rectify11 update arrives to fix Windows 11 -- download it now

20 Comments

Apple Intelligence will launch in beta and that’s unacceptable for a trillion-dollar company

16 Comments

Forget TeamViewer, RustDesk is the open-source alternative you've been looking for

15 Comments

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 3.6.1

14 Comments

Microsoft is bringing ads to the Windows 10 Start menu, just like in Windows 11

11 Comments

Donald Trump vs. Kamala Harris: Google ramps up efforts to protect Presidential Election integrity

11 Comments

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.