Software Supply Chain Security and SBOMs

In modern software, the large majority of the code, often more than 90%, comes from third-party components. A Software Bill of Materials (SBOM) makes these otherwise invisible dependencies visible, so that vulnerable or problematic components can be found and remediated across the supply chain.


Focus Areas

Automated SBOM Creation: We integrate tooling into build pipelines so that every release automatically produces a machine-readable inventory of all included components (for example in CycloneDX or SPDX format).

Vulnerability Scanning and Alerting: We continuously match SBOMs against public vulnerability databases such as the NVD and OSV. When a new vulnerability is published (as with Log4Shell, CVE-2021-44228, in Log4j), the affected systems can be identified within minutes instead of after a manual inventory.

License Compliance Management: We audit the licenses of all dependencies. Strong copyleft licenses (for example GPL or AGPL), whose terms can oblige you to release proprietary source code when the product is distributed, are flagged early, before they become a problem for your intellectual property.
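The three focus areas above form one pipeline: generate the SBOM, match it against a vulnerability feed, and check licenses against a policy. The following is an added example of the matching step, not code from the Neuland Handbook or from any SBOM tool. The CycloneDX document, the advisory feed (a simplified introduced/fixed range, not the real OSV schema), the package "some-gpl-lib" and the advisory "ADV-TEST-0001" are all constructed for illustration; CVE-2021-44228 and its fix in log4j-core 2.15.0 are real.

```python
"""Scan a CycloneDX SBOM against a vulnerability feed and a license policy.

Added example. The SBOM and the advisory feed are constructed; the advisory
format is a simplified OSV-style introduced/fixed range, not the real schema.
"""
import json
from typing import Dict, List, Tuple

# Constructed CycloneDX 1.4 document; "some-gpl-lib" is a hypothetical package.
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "log4j-core", "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "jackson-databind", "version": "2.13.4",
     "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "some-gpl-lib", "version": "1.2.0",
     "purl": "pkg:npm/some-gpl-lib@1.2.0",
     "licenses": [{"license": {"id": "GPL-3.0-only"}}]}
  ]
}"""

# Constructed advisory feed. CVE-2021-44228 (Log4Shell) is real and was fixed
# in log4j-core 2.15.0. ADV-TEST-0001 is made up and must NOT match, because
# the installed jackson-databind is already past its (invented) fix version.
ADVISORIES: List[Dict[str, str]] = [
    {"id": "CVE-2021-44228",
     "package": "pkg:maven/org.apache.logging.log4j/log4j-core",
     "introduced": "2.0", "fixed": "2.15.0"},
    {"id": "ADV-TEST-0001",
     "package": "pkg:maven/com.fasterxml.jackson.core/jackson-databind",
     "introduced": "2.0", "fixed": "2.13.0"},
]

# Strong copyleft SPDX identifiers a hypothetical policy refuses to ship.
DENIED_LICENSES = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only",
                   "GPL-3.0-or-later", "AGPL-3.0-only", "AGPL-3.0-or-later"}


def parse_version(v: str) -> Tuple[int, int, int]:
    """Simplified numeric ordering (1.2 == 1.2.0). Pre-release suffixes such
    as '2.0-beta9' are truncated to their numeric prefix, which is a
    deliberate simplification; real scanners use ecosystem-specific rules."""
    nums = []
    for part in v.split(".")[:3]:
        digits = ""
        for ch in part:
            if not ch.isdigit():
                break
            digits += ch
        nums.append(int(digits) if digits else 0)
    while len(nums) < 3:
        nums.append(0)
    return nums[0], nums[1], nums[2]


def split_purl(purl: str) -> Tuple[str, str]:
    """Split 'pkg:type/ns/name@version?qualifiers#subpath' into (package, version)."""
    base = purl.split("?", 1)[0].split("#", 1)[0]
    package, _, version = base.partition("@")
    return package, version


def find_vulnerable(sbom_json: str, advisories) -> List[Tuple[str, str]]:
    """Return (purl, advisory id) for every component inside an affected range."""
    sbom = json.loads(sbom_json)
    hits = []
    for comp in sbom.get("components", []):
        package, version = split_purl(comp.get("purl", ""))
        if not package or not version:
            continue  # no coordinates to match on; a real scanner would report this
        v = parse_version(version)
        for adv in advisories:
            if adv["package"] != package:
                continue
            if parse_version(adv["introduced"]) <= v < parse_version(adv["fixed"]):
                hits.append((comp["purl"], adv["id"]))
    return hits


def find_license_violations(sbom_json: str, denied=DENIED_LICENSES) -> List[Tuple[str, str]]:
    """Return (purl, license id) for components under a denied SPDX license."""
    sbom = json.loads(sbom_json)
    violations = []
    for comp in sbom.get("components", []):
        for entry in comp.get("licenses", []):
            lic_id = entry.get("license", {}).get("id")
            if lic_id in denied:
                violations.append((comp.get("purl", comp["name"]), lic_id))
    return violations


if __name__ == "__main__":
    for purl, adv in find_vulnerable(SBOM_JSON, ADVISORIES):
        print(f"VULNERABLE {purl} -> {adv}")
    for purl, lic in find_license_violations(SBOM_JSON):
        print(f"LICENSE    {purl} -> {lic}")
```

Two caveats a practitioner should keep in mind: matching by package URL and version only finds what the SBOM actually records, so shaded or vendored copies of a library (a common way Log4j ended up in products) need a generator that inspects the built artifact rather than just the dependency manifest; and the version comparison above is intentionally naive, whereas production scanners must apply each ecosystem's own ordering rules (Maven, npm semver, PEP 440) or they will both miss and over-report.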


Use Cases

  • GovTech Projects: Meeting transparency requirements in public procurement.
  • Security-Critical Software: Software that operates critical infrastructure and financial systems.
  • Software Audits: Technical due diligence on a code base and its dependencies when acquiring software companies (M&A).

Methods

The methods behind this are documented in the Neuland Handbook: