Codenotary, the Texas-based software supply chain security specialist, has launched a self-updating Software Bill of Materials (SBOM) tool, TrueSBOM, for serverless applications. TrueSBOM is designed for cloud-based applications running on AWS Lambda, Google Cloud Functions, or Microsoft Azure Functions.
An SBOM is the list of components an application is built from at the time it is created. Compiling an SBOM for a cloud-native application can be arduous: these apps are created and updated ‘on the fly’ each time they are invoked, so standard methods would require the SBOM to be regenerated every time an update is made.
With TrueSBOM, applications self-report their components so that the SBOM always remains up-to-date, Codenotary said. This is critical for modern applications like serverless that self-update, where relying on an external SBOM generation at build-time would not pick up the new updates.
“The real-time update capability of our TrueSBOM technology makes it possible to generate an SBOM for serverless apps, which previously was almost impossible, leaving organisations with a gaping security hole,” said Dennis Zimmer, co-founder and CTO of Codenotary. “Now, with TrueSBOM, it’s possible to generate the list of ingredients that make up the application in real time, adding a new level of security to serverless applications.”
The new TrueSBOM for Serverless helps enterprises comply with President Biden’s Executive Order on Improving the Nation’s Cybersecurity, which includes maintaining a Software Bill of Materials (SBOM), as well as with the SLSA security framework, launched by a group of US federal agencies in September in recognition of the risks to the software supply chain.
In addition, TrueSBOM includes vulnerability scanner results or trust and integrity information for the application. TrueSBOM can be added to an application through one line in its source code, Codenotary claims.