Question - Software BOM?

As we go through the process to setup Eramba here, one thing Cyber is asking is “what is the SBOM?” - posting here because I guess we won’t be the last to ask :slight_smile:

@eramba - is it possible to get this?

this is the only boom i know, joke aside i have no idea what sbom is … !

SBOM is a software bill of materials. Basically a list of all the nested dependencies in a software package. It will include all of the parts of the completed software including languages, packages, APIs and anything else used to complete the package.

These became more popular with security folks after Log4j as no one could say for sure if they were using it.

Here is a good article on SBOMs.

oh, never heard of it before.

just look at the code please, start with composer then look frontend libraries (jquery, etc).

regards !

Umm where? Docker doesn’t give you a cli… and I see no repo on github

$ docker exec -it eramba find / -type f -iname composer.json