FAQ: SBOM Insights

What is SBOM Insights?

Revenera SBOM Insights is a SaaS inventory management solution that gives organizations the ability to manage security and legal risk by maintaining a complete and accurate SBOM in the cloud. It aggregates the SBOM from multiple data sources, both inside your organization and outside it (from upstream supply chain partners), and provides full visibility to security and legal teams as well as supply chain partners.

With SBOM Insights, you have the ability not only to identify and record all third-party IP in a complete and accurate SBOM, but also to collect your SBOM parts from multiple sources in the industry-standard SBOM formats (SPDX and CycloneDX). This inventory management solution gives designated users within your organization, and externally your customers and downstream supply chain partners, full visibility into all third-party components at any time.

SBOM Insights creates an active repository, with actionable data, of the ingredients within your software applications.

Will SBOM Insights integrate with other SCA tools or does it require Code Insight?

SBOM Insights can ingest data directly from Code Insight via the project data export JSON file. It can also import SBOM data from any other SCA tool or SBOM generator in SPDX and/or CycloneDX format. SBOM Insights is designed to work stand-alone and does not require Code Insight to be installed.

How is Revenera different from other vendors?

SBOM Insights is a commercially backed application that comes with the full weight of Revenera’s experienced team of engineers, product managers, services, and support staff. With SBOM Insights you get maintenance and support built into your purchase with a guarantee of security fixes.

SBOM Insights goes beyond being a document storage system. It enables you to ingest SBOM data from partners, vendors and suppliers in SPDX and CycloneDX formats, and to reconcile and normalize that data into a unified view. Furthermore, it provides you with insights into the components you use.
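The two answers above describe ingesting SBOM parts in SPDX and CycloneDX form and reconciling them into one inventory. The following Python is an added example written for this FAQ, not code from Revenera or from SBOM Insights, showing what that reconciliation step involves at its simplest: parse both JSON formats, key every part on its package URL (purl) where one is present, merge duplicates reported by several sources, and keep track of which source reported each part. The two SBOM documents are constructed samples, the `name@version` fallback key used when a part has no purl is an assumption of this example, and the function names are this example's own.

```python
import json
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Set, Tuple


@dataclass
class Part:
    """One normalized SBOM part, whichever format it was read from."""
    key: str                                  # purl if present, else name@version (this example's fallback)
    name: str
    version: str
    licenses: Set[str] = field(default_factory=set)
    sources: List[str] = field(default_factory=list)   # labels of the documents that reported it


def detect_format(doc: dict) -> str:
    """Pick a parser from the document's own self-identification fields."""
    if doc.get("bomFormat") == "CycloneDX":
        return "cyclonedx"
    if "spdxVersion" in doc:
        return "spdx"
    raise ValueError("unrecognised SBOM document: neither CycloneDX nor SPDX JSON")


def _fallback_key(name: str, version: str) -> str:
    # Assumed convention for parts without a purl; case-folded so suppliers' spelling differences merge.
    return f"{name.lower()}@{version}"


def parse_cyclonedx(doc: dict) -> Iterator[Part]:
    """CycloneDX JSON: components carry 'purl' and a list of license entries."""
    for c in doc.get("components", []):
        name, version = c["name"], c.get("version", "")
        licenses: Set[str] = set()
        for entry in c.get("licenses", []):
            lic = entry.get("license", {})
            ident = lic.get("id") or lic.get("name")
            if ident:
                licenses.add(ident)
        yield Part(c.get("purl") or _fallback_key(name, version), name, version, licenses)


def parse_spdx(doc: dict) -> Iterator[Part]:
    """SPDX JSON: packages carry 'versionInfo', 'licenseConcluded' and a purl in externalRefs."""
    for p in doc.get("packages", []):
        name, version = p["name"], p.get("versionInfo", "")
        purl = next((r["referenceLocator"] for r in p.get("externalRefs", [])
                     if r.get("referenceType") == "purl"), None)
        licenses: Set[str] = set()
        concluded = p.get("licenseConcluded")
        if concluded and concluded not in ("NOASSERTION", "NONE"):
            licenses.add(concluded)
        yield Part(purl or _fallback_key(name, version), name, version, licenses)


PARSERS = {"cyclonedx": parse_cyclonedx, "spdx": parse_spdx}


def build_inventory(documents: List[Tuple[str, str]]) -> Dict[str, Part]:
    """Merge (source_label, json_text) pairs into one inventory keyed by part key."""
    inventory: Dict[str, Part] = {}
    for source, text in documents:
        doc = json.loads(text)
        for part in PARSERS[detect_format(doc)](doc):
            existing = inventory.get(part.key)
            if existing is None:
                part.sources.append(source)
                inventory[part.key] = part
            else:                                 # same part seen again: union licenses, record the source
                existing.licenses |= part.licenses
                if source not in existing.sources:
                    existing.sources.append(source)
    return inventory


def find_parts(inventory: Dict[str, Part], name: str) -> List[Part]:
    """Exposure check: every inventory part with this name, from any source."""
    return [p for p in inventory.values() if p.name.lower() == name.lower()]


def parts_without_license(inventory: Dict[str, Part]) -> List[str]:
    """Keys of parts no source gave a usable license for; a legal-review queue."""
    return sorted(k for k, p in inventory.items() if not p.licenses)


# Constructed sample documents (not real project or supplier data): an internal
# CycloneDX 1.4 export and an SPDX 2.3 document from an upstream supplier that overlap on one part.
CYCLONEDX_SAMPLE = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
    {"type": "library", "name": "log4j-core", "version": "2.17.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "jackson-databind", "version": "2.13.4",
     "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4",
     "licenses": [{"license": {"id": "Apache-2.0"}}]}]})
SPDX_SAMPLE = json.dumps({"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "supplier-sbom", "packages": [
    {"name": "log4j-core", "SPDXID": "SPDXRef-Package-log4j", "versionInfo": "2.17.1", "licenseConcluded": "Apache-2.0",
     "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                       "referenceLocator": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"}]},
    {"name": "openssl", "SPDXID": "SPDXRef-Package-openssl", "versionInfo": "3.0.7", "licenseConcluded": "Apache-2.0",
     "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                       "referenceLocator": "pkg:generic/openssl@3.0.7"}]},
    {"name": "zlib", "SPDXID": "SPDXRef-Package-zlib", "versionInfo": "1.2.13", "licenseConcluded": "NOASSERTION"}]})

if __name__ == "__main__":
    inv = build_inventory([("code-insight-export", CYCLONEDX_SAMPLE), ("supplier-spdx", SPDX_SAMPLE)])
    for key, part in sorted(inv.items()):
        print(f"{key:70} sources={part.sources} licenses={sorted(part.licenses)}")
    print("unlicensed:", parts_without_license(inv))
```

Keying on purl is what makes the merge meaningful: the same log4j-core part reported by the internal export and by the supplier collapses into one inventory row with both sources attached, so a later lookup by name shows every place that part enters the product. Parts that no source identifies with a purl only merge when name and version agree exactly, which is the weak spot that a real reconciliation step has to handle with additional matching rules.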

With everything coming from your enterprise catalogued, when the next high-profile vulnerability hits, you have the unified data at your fingertips to quickly uncover your exposure and expediently fix problems—not just in the code you scanned, but also in all of the software components coming from outside your organization.

Does SBOM Insights replace Code Insight?

SBOM Insights is not a replacement for Code Insight. Code Insight (or your designated code scanning solution) is used to discover open source and third-party components in the code under your control. To address industry maturity, Revenera is extending its SCA capabilities with SBOM Insights, a SaaS SBOM management solution that unifies and reconciles all SBOM parts coming from both within and outside your organization and gives complete SBOM visibility to whoever in your organization needs it. SBOMs created by Code Insight (or your code scanning solution of choice) can be ingested into SBOM Insights.

What is the difference between SBOM Insights and Code Insight?

Code Insight is an on-premises software composition analysis solution that helps you discover, assess and manage license and security risk across your portfolio of applications for the code under your control. It lets you fit compliance checks into your existing engineering process during component selection, coding, code check-in, and the build. It is an open source and third-party component discovery tool that allows continuous scanning, discovery and identification of compliance and security issues.

SBOM Insights is your SBOM source of truth, supporting your need to deliver a complete and accurate SBOM regardless of where the SBOM parts originate, whether internally or externally from outside vendors and partners. With SBOM Insights you get an inventory and the generation of compliance artifacts.

Is there any difference in the users who use SBOM Insights and Code Insight?

Not a lot. Typical users of both tools include legal, security, and software development teams. SBOM Insights may also be of interest to your product teams, asset managers, software procurement teams, and partners/third-party vendors. Given the SBOM Insights roadmap and its potential to deliver trends and insights, we expect business executives to take an interest in the solution's reporting capabilities as input to better business decisions.

Customers are also becoming much more savvy about the software supply chain. They want to know more about the solutions they are purchasing, what they are bringing into the organization to support infrastructure needs, and what is being passed on to their own customers. Your customers may have an interest in reporting from both Code Insight, for the codebases under your control, and SBOM Insights, which extends visibility to SBOM parts coming from outside your organization.

Last update: Sep 13, 2022 09:10 AM