Loopus


Supply Chain Security: Software Bill of Materials (SBOM)

SBOM Fundamentals


Learning Objectives

  • Define Software Bill of Materials (SBOM)
  • Understand the legal and regulatory drive for SBOMs
  • Identify key components of a valid SBOM

Software Bill of Materials (SBOM) Fundamentals

An SBOM is a formal, structured record containing the details and supply chain relationships of various components used in building software. Think of it as a comprehensive "ingredient list" for your application.

The Need for Transparency

Historically, software was a "black box." Customers had no way of knowing what libraries or sub-components were inside. When a major vulnerability like Log4j (Log4Shell) hit, organizations spent weeks manually searching their servers and codebases just to find out whether they were vulnerable.

With an SBOM, this search takes seconds. You simply query your SBOM database for the affected library.

Regulatory Pressure

Supply chain transparency is no longer optional. Following massive attacks like SolarWinds, governments have stepped in. The U.S. Executive Order 14028 now mandates that any organization selling software to the federal government must provide a machine-readable SBOM. Similar regulations are emerging in the EU (Cyber Resilience Act).

Minimum Elements of an SBOM

To be useful, an SBOM must include:
* Supplier Name: Who created the component.
* Component Name: What it is called.
* Version: The specific release.
* Unique Identifiers: Such as PURL (Package URL) or CPE (Common Platform Enumeration).
* Relationship: How components connect (e.g., "A is a part of B").
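The two practical ideas in this lesson, querying an SBOM for an affected library (The Need for Transparency) and checking that every component carries the minimum elements listed above, fit in one short script. The following is an added example, not code from the Loopus lesson: the SBOM document is constructed for this example and only modeled on the CycloneDX JSON field names (bomFormat, components, purl, dependencies); the advisory record is also constructed, and its fixed_in boundary is an assumption for illustration, not an authoritative affected range. The function names (check_minimum_elements, find_affected, dependents, parse_version) are this example's own.

```python
"""Added example: validate an SBOM's minimum elements and query it for an affected library."""
import json
import re

# Constructed SBOM for this example, modeled on the CycloneDX JSON layout.
# 'vendored-util' is deliberately incomplete to show what the validator reports.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "app", "type": "application",
               "name": "order-service", "version": "3.2.0",
               "supplier": {"name": "Example Corp"}}},
  "components": [
    {"bom-ref": "log4j", "type": "library", "name": "log4j-core", "version": "2.14.1",
     "supplier": {"name": "Apache Software Foundation"},
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"bom-ref": "jackson", "type": "library", "name": "jackson-databind", "version": "2.15.2",
     "supplier": {"name": "FasterXML"},
     "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2"},
    {"bom-ref": "mystery", "type": "library", "name": "vendored-util", "version": "0.1"}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["log4j", "jackson", "mystery"]},
    {"ref": "log4j", "dependsOn": []},
    {"ref": "jackson", "dependsOn": []},
    {"ref": "mystery", "dependsOn": []}
  ]
}
"""

# Constructed advisory record (hypothetical id); fixed_in is an assumed boundary
# chosen only to illustrate matching, not an authoritative affected range.
ADVISORY = {
    "id": "EXAMPLE-LOG4SHELL",
    "purl_base": "pkg:maven/org.apache.logging.log4j/log4j-core",
    "fixed_in": "2.15.0",
}

# The minimum elements from the lesson: supplier, name, version, plus an identifier
# (purl or cpe) and a relationship entry, which are checked separately below.
REQUIRED_FIELDS = ("supplier", "name", "version")


def load_sbom(text=SBOM_JSON):
    """Parse the SBOM JSON document into a dict."""
    return json.loads(text)


def check_minimum_elements(sbom):
    """Return human-readable findings for every component missing a minimum element."""
    findings = []
    for c in sbom["components"]:
        ref = c.get("bom-ref", "<no ref>")
        for field in REQUIRED_FIELDS:
            if not c.get(field):
                findings.append(f"{ref}: missing {field}")
        if not (c.get("purl") or c.get("cpe")):
            findings.append(f"{ref}: missing unique identifier (purl or cpe)")
    # Relationship check: a component that appears nowhere in the dependency
    # graph cannot be traced back to the product that ships it.
    refs = {c["bom-ref"] for c in sbom["components"]}
    referenced = set()
    for d in sbom.get("dependencies", []):
        referenced.add(d["ref"])
        referenced.update(d.get("dependsOn", []))
    for ref in sorted(refs - referenced):
        findings.append(f"{ref}: no relationship entry")
    return findings


def parse_version(version):
    """Turn a dotted version into a comparable tuple; non-numeric parts become 0 (simplification)."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.\-]", version))


def purl_base(purl):
    """Strip the version and qualifiers from a Package URL, leaving type/namespace/name."""
    return purl.split("@", 1)[0].split("?", 1)[0]


def find_affected(sbom, advisory):
    """Return bom-refs whose purl matches the advisory and whose version is below fixed_in."""
    fixed = parse_version(advisory["fixed_in"])
    hits = []
    for c in sbom["components"]:
        purl = c.get("purl")
        if purl and purl_base(purl) == advisory["purl_base"]:
            if parse_version(c["version"]) < fixed:
                hits.append(c["bom-ref"])
    return hits


def dependents(sbom, ref):
    """Return the bom-refs that directly depend on ref (the 'A is a part of B' relationship)."""
    return [d["ref"] for d in sbom.get("dependencies", []) if ref in d.get("dependsOn", [])]


if __name__ == "__main__":
    sbom = load_sbom()
    for finding in check_minimum_elements(sbom):
        print("FINDING:", finding)
    for ref in find_affected(sbom, ADVISORY):
        print(f"{ref} matches {ADVISORY['id']}; shipped inside {dependents(sbom, ref)}")
```

Matching on the version-less part of the PURL rather than on the component name is what makes the lookup reliable across SBOMs from different suppliers, and the dependency walk is what turns "we have the library somewhere" into "it ships inside this product". The validator deliberately reports missing identifiers and relationships as separate findings, since an SBOM with names and versions but no PURLs still cannot be queried this way.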

Answer the Questions

Question 1 (Knowledge)

What is the "ingredient list" for software called?

Format: 4 characters, exact match required

Question 2 (Hands-On)

Which US Executive Order mandated SBOMs for federal vendors?

Format: 5 characters, exact match required

Question 3 (Knowledge)

Name one minimum element required in a valid SBOM.

Format: 7 characters, exact match required