SBOM and Supply Chain Security Audit

Most organisations do not know exactly which third-party libraries are embedded in their software. For each product, a complete Software Bill of Materials (SBOM) is created and audited for security vulnerabilities, end-of-life components, and licence risks.


Focus Areas

Automated Inventory: Codebases are scanned, standardised SBOMs (CycloneDX/SPDX) are generated, and the invisible is made visible.

Vulnerability and Malware Check: Dependencies are cross-referenced against global security databases, and unsupported end-of-life components are identified.

Licence Risk Analysis: Copyleft licences (such as the GPL) that could endanger trade secrets are found, and secure alternatives are proposed.
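As an added illustration of the three checks above (not part of this page or of the audit's own tooling), the following Python script loads a constructed CycloneDX JSON SBOM and flags known-vulnerable components, end-of-life versions and copyleft licences. The component names, the advisory identifier and the three in-memory "feeds" are all made-up placeholders standing in for real advisory, end-of-life and licence databases.

```python
import json

# Constructed CycloneDX JSON SBOM for a fictional product (not a real inventory).
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "acme-parser", "version": "1.4.2",
     "purl": "pkg:pypi/acme-parser@1.4.2",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "fastgrep", "version": "3.0.1",
     "purl": "pkg:generic/fastgrep@3.0.1",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    {"type": "library", "name": "legacy-runtime", "version": "2.7.18",
     "purl": "pkg:generic/legacy-runtime@2.7.18",
     "licenses": [{"expression": "MIT OR PSF-2.0"}]},
    {"type": "library", "name": "mystery-blob", "version": "0.9",
     "purl": "pkg:generic/mystery-blob@0.9"}
  ]
}"""

# Constructed stand-ins for the external advisory, end-of-life and licence feeds.
VULNERABLE_PURLS = {"pkg:pypi/acme-parser@1.4.2": "ADV-PLACEHOLDER-0001"}
EOL_MAJOR_VERSIONS = {"legacy-runtime": {"2"}}   # name -> unsupported major versions
COPYLEFT_PREFIXES = ("GPL-", "AGPL-", "LGPL-")    # LGPL is weak copyleft, still worth review


def component_licences(component):
    """Return the SPDX ids or expressions declared for a component (may be empty)."""
    found = []
    for entry in component.get("licenses", []):
        if "license" in entry:
            found.append(entry["license"].get("id") or entry["license"].get("name", "?"))
        elif "expression" in entry:
            found.append(entry["expression"])
    return found


def audit_sbom(sbom_text):
    """Cross-check every component and return (name, category, detail) findings."""
    findings = []
    for comp in json.loads(sbom_text).get("components", []):
        name, version, purl = comp["name"], comp.get("version", ""), comp.get("purl", "")
        if purl in VULNERABLE_PURLS:
            findings.append((name, "vulnerability", VULNERABLE_PURLS[purl]))
        if version.split(".")[0] in EOL_MAJOR_VERSIONS.get(name, set()):
            findings.append((name, "end-of-life", f"{version} is no longer supported"))
        licences = component_licences(comp)
        if not licences:  # a missing licence is itself a finding, not a pass
            findings.append((name, "licence", "no licence declared; needs manual review"))
        for lic in licences:
            tokens = lic.replace("(", " ").replace(")", " ").split()
            if any(tok.startswith(COPYLEFT_PREFIXES) for tok in tokens):
                findings.append((name, "licence", f"copyleft licence {lic}"))
    return findings
```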


Key Data

  • Duration: 2–4 days (per product/application).
  • Deliverable: Complete SBOM files and risk report with concrete patch recommendations.
  • Target Group: Software manufacturers, GovTech partners, and SMEs with sensitive data.

Methods

The methods behind this are documented in the Neuland Handbook: