Working with the world’s largest enterprises and global policymakers to address the complexities of optimising software supply chains with SBOMs (Software Bills of Materials), Sonatype announced SBOM Manager.

This industry-first solution provides an integrated approach to managing SBOMs received from third-party vendors alongside the SBOMs an organisation generates for its own software, powered by Sonatype’s unique data and security research.

Compliance and cybersecurity

By enabling comprehensive optimisation of SBOM management, Sonatype sets a new standard for compliance, scalability, and cybersecurity.

Through its seamless management of SBOM generation, collection, categorisation, and ongoing monitoring, Sonatype SBOM Manager empowers organisations to achieve unparalleled security and efficiency in their software supply chains, marking a significant advancement on the journey toward integrated and secure software distribution and management.

Critical need for visibility

The digital landscape is witnessing a surge in demand for greater transparency in software development, from regulations such as the EU's NIS2 Directive and the US Executive Order on Improving the Nation's Cybersecurity, to industry mandates like the PCI Security Standards for financial institutions, to the specific requirements for medical device manufacturers in the FD&C Act.

These growing requirements underscore the critical need for visibility into software supply chains, making SBOMs an indispensable tool for modern enterprises and government agencies.

Software transparency

“Good software development is the crux of our modern world, and SBOMs have emerged as a critical building block in software quality. The FDA requires SBOMs for new medical devices, but there will be a trickle-down effect from this regulation. We’re seeing more diversity in use cases, with organisations across industries adopting SBOMs to provide transparency into their software components and supply chains,” said Katie Norton, IDC Research Manager, DevSecOps and Software Supply Chain Security.

“As it becomes a widespread requirement, the challenge will be generating, monitoring, and managing these complex lists of dependencies at scale. Organisations need solutions like Sonatype’s SBOM Manager to help address this growing problem.”

Sonatype Lifecycle dependency

“Organisations depend upon Sonatype Lifecycle to generate SBOMs in their software supply chains every day, and have for years,” said Mitchell Johnson, Chief Product Development Officer at Sonatype.

"But, as software development and distribution continues to evolve, so too do the challenges associated with managing risk, compliance, and technical debt in the third-party software and software components you and your customers rely on."

World’s first easy-to-use solution

"Sonatype’s SBOM Manager was developed with a deep understanding of these challenges as a software supply chain pioneer."

"Now we are introducing the world’s first easy-to-use solution for organisations to not only comply with emerging regulations but also to enhance their development productivity and security posture through greater transparency and control.”

Key features and benefits of Sonatype SBOM Manager

1) A powerful, yet easy-to-use System of Record for all SBOMs - Comprehensive SBOM Management: 

  • Generate both CycloneDX and SPDX SBOM formats with ease to share with internal and external stakeholders such as auditors, regulators, compliance officers, and customers.
  • Ingest and import SBOMs from third-party software, including VEX documents, and analyse them to pinpoint components, vulnerabilities, and contextual policy violations.
  • Monitor for policy violations, manage vulnerability disclosures to partners, and report on application risk in a way that makes it easy to understand across business functions, from procurement to legal, to software engineering.  
  • Store SBOMs from any source to build your own SBOM repository that you can continuously review and manage, ensuring complete visibility and control.

2) Enhanced Compliance: Stay ahead of global regulations with tools designed to ensure continuous compliance, reducing the risk of penalties and reputational damage.

3) Advanced Security: Proactively identify and mitigate vulnerabilities within the software supply chain, enhancing security posture and protecting against potential breaches.

4) Strategic Advantage: Leverage Sonatype's superior data and deep expertise in SBOMs and component scanning to gain a competitive edge in software security and compliance.

5) Optimise Efficiency: Sonatype SBOM Manager significantly reduces the manual effort and complexity involved in handling SBOMs by automating SBOM generation, management, and monitoring. It also helps prioritise what issues need to be addressed first directly in the workflow.
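The ingestion step in the feature list above (import a third-party SBOM together with a VEX document, then pinpoint components, vulnerabilities and policy violations) is easy to describe and easy to get wrong, so here is a worked example of the correlation logic. This is an added illustration, not Sonatype code and not how SBOM Manager is implemented. It reads a constructed CycloneDX 1.5 SBOM and a constructed CycloneDX VEX document; the `acme-utils` package, the vulnerability id `EXAMPLE-0001`, and the `POLICY` thresholds are all invented for the example (the log4j-core entry and CVE-2021-44228 are real). The VEX `not_affected` statement is what turns a raw vulnerability match into an accepted finding; without it the same finding blocks.

```python
"""Correlate a CycloneDX SBOM with a VEX document and apply a simple policy.

Added example, not Sonatype code. The SBOM, VEX and policy below are
constructed to illustrate the ingestion/analysis step; adapt for real data.
"""
import json

# Constructed CycloneDX 1.5 SBOM (trimmed to the fields this example reads).
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
         "name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "bom-ref": "pkg:pypi/acme-utils@1.2.0",  # constructed package
         "name": "acme-utils", "version": "1.2.0", "purl": "pkg:pypi/acme-utils@1.2.0",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    ],
    "vulnerabilities": [
        {"id": "CVE-2021-44228", "ratings": [{"severity": "critical"}],
         "affects": [{"ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"}]},
        {"id": "EXAMPLE-0001", "ratings": [{"severity": "high"}],  # constructed id
         "affects": [{"ref": "pkg:pypi/acme-utils@1.2.0"}]},
    ],
})

# Constructed CycloneDX VEX from the (hypothetical) vendor of acme-utils:
# they assert the vulnerable code path is not reachable in this build.
VEX_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "vulnerabilities": [
        {"id": "EXAMPLE-0001",
         "analysis": {"state": "not_affected", "justification": "code_not_reachable"},
         "affects": [{"ref": "pkg:pypi/acme-utils@1.2.0"}]},
    ],
})

# Unrated vulnerabilities are ranked as high so they are never silently accepted.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0, "none": 0, "unknown": 3}

# Hypothetical policy: block high/critical findings unless VEX says not_affected,
# and flag any component whose licence is on the deny list.
POLICY = {"block_at_or_above": "high", "denied_licenses": {"GPL-3.0-only", "AGPL-3.0-only"}}


def index_components(sbom):
    """Map bom-ref -> component for quick lookup."""
    return {c["bom-ref"]: c for c in sbom.get("components", []) if "bom-ref" in c}


def index_vex(vex):
    """Map (vulnerability id, affected ref) -> VEX analysis state."""
    states = {}
    for v in vex.get("vulnerabilities", []):
        state = v.get("analysis", {}).get("state", "in_triage")
        for a in v.get("affects", []):
            states[(v["id"], a["ref"])] = state
    return states


def max_severity(vuln):
    """Pick the highest rated severity; an unrated vulnerability is 'unknown'."""
    sevs = [r.get("severity", "unknown").lower() for r in vuln.get("ratings", [])] or ["unknown"]
    return max(sevs, key=lambda s: SEVERITY_RANK.get(s, 0))


def evaluate(sbom_json, vex_json, policy=POLICY):
    """Return policy findings as dicts, blocking findings first."""
    sbom, vex = json.loads(sbom_json), json.loads(vex_json)
    comps, vex_states = index_components(sbom), index_vex(vex)
    threshold = SEVERITY_RANK[policy["block_at_or_above"]]
    findings = []
    for vuln in sbom.get("vulnerabilities", []):
        sev = max_severity(vuln)
        for a in vuln.get("affects", []):
            ref = a["ref"]
            comp = comps.get(ref, {"name": ref, "version": "?"})
            # Only a matching (id, ref) VEX statement applies; everything else stays in triage.
            state = vex_states.get((vuln["id"], ref), "in_triage")
            action = "accept" if state == "not_affected" or SEVERITY_RANK.get(sev, 0) < threshold else "block"
            findings.append({"component": f"{comp['name']}@{comp['version']}", "issue": vuln["id"],
                             "severity": sev, "vex_state": state, "action": action})
    for comp in comps.values():
        for lic in comp.get("licenses", []):
            lid = lic.get("license", {}).get("id")
            if lid in policy["denied_licenses"]:
                findings.append({"component": f"{comp['name']}@{comp['version']}", "issue": f"license:{lid}",
                                 "severity": "policy", "vex_state": "n/a", "action": "block"})
    findings.sort(key=lambda f: (f["action"] != "block", f["component"]))
    return findings


if __name__ == "__main__":
    for f in evaluate(SBOM_JSON, VEX_JSON):
        print(f"{f['action']:<7}{f['component']:<22}{f['issue']:<22}{f['severity']:<9}vex={f['vex_state']}")
```

Two design points are worth noting. A VEX statement is only honoured when both the vulnerability id and the affected `bom-ref` match, so a vendor's `not_affected` claim for one build cannot accidentally suppress the same CVE in another component; and the licence check runs over every component, not only those with vulnerabilities, because compliance findings do not depend on a CVE match.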

SBOM Manager is initially available as a SaaS solution; on-premises and air-gapped versions will be available in the fall of 2024.

Improving security and compliance

"With new regulations pushing for SBOMs, many are left wondering what to do with them. Without practical application, SBOMs risk being ignored and merely filed away,” said Brian Fox, CTO of Sonatype.

"At Sonatype, we address this issue head-on. Our SBOM Manager turns these ingredient lists into actionable assets, allowing organisations to use their SBOMs to improve security and compliance. It's about making SBOMs work for you, not just collecting them."

Strategic asset

Sonatype's SBOM Manager is not simply a tool, but a strategic asset for any organisation wanting to excel in the current fast-paced and regulation-heavy digital world.

It represents over 15 years of Sonatype's commitment to innovation, security, and compliance in the software industry.

First-of-its-kind feature

This announcement comes on the heels of another first-of-its-kind feature Sonatype released earlier in 2024: artificial intelligence and machine learning (AI/ML) component detection, which extended the ability to create AI bills of materials (AI BOMs).

Currently available for preview, the Sonatype SBOM Manager will be generally available in June 2024.
