Microsoft Releases Open Source SBOM Generation Toolkit

As part of a commitment to help enterprises become more transparent about the supply chain relationships between the components used to build a software product, software giant Microsoft has open-sourced its internal tool for creating SBOMs (software bills of materials).

According to Redmond, the tool, dubbed Salus, generates SBOMs based on the SPDX specification and is compatible with Windows, Linux, and Mac platforms. Redmond decided to make the Salus tool open source in response to the U.S. government's request for mandated SBOMs to provide software transparency in the face of supply chain threats.

An SBOM is fundamentally intended to be a complete record of the supply chain connections between the parts required to construct a software product.

Read More: https://www.securityweek.com/microsoft-releases-open-source-toolkit-generating-sboms