Mar 13, 2023
09:16 AM
1 Kudo
Hi @GerdaZ, you are correct... SBOM Management has recently been introduced as a new capability in Flexera One. This is the beginning of the journey to provide management of SBOMs for discovered COTS applications. The current integration allows Flexera One ITAM/ITV customers who also have an entitlement for Revenera SBOM Insights to manually import and associate SBOMs for discovered COTS applications.
While there is no “integration” with FNMS on-premises, if an FNMS customer also has an SBOM Insights entitlement, they can use the two solutions together. The catch is that SBOM Insights is a SaaS solution while FNMS is on-prem. The REST API in SBOM Insights can be used to perform any SBOM functions (import, view, edit, etc.).
Please let us know if you have a specific use case in mind and we can discuss further details.
Mar 10, 2023
03:32 PM
1 Kudo
Thanks for the question @GerdaZ.
In September 2022, Revenera released a new SaaS product called SBOM Insights for SBOM Management. It supports ingestion of SBOMs in SPDX, CycloneDX, and Code Insight's JSON export formats to unify internal SBOMs for the code under your control and external SBOMs from upstream partners, developers, and software suppliers/vendors.
If you have discovered COTS applications using FNMS, you can create/import a corresponding SBOM into SBOM Insights and cross reference the discovered application to the SBOM. If your software vendor has provided SBOMs for the application which you have purchased from them, they can also be imported into SBOM Insights.
Once you import an SBOM into SBOM Insights, you can use the advanced search functionality to find SBOM parts of interest by part name, part age, associated license(s), associated security vulnerabilities, vulnerability age, or package URLs (PURLs). You can also generate unified SBOM reports in SPDX, CycloneDX, and human readable (HTML/Excel) formats along with the associated security reports (VDR/VEX).
Mar 09, 2023
09:47 AM
1 Kudo
@jq3i4h9u, SBOM Insights is licensed separately from Flexera One. Please reach out to your CSM or account manager for more information.
Mar 09, 2023
09:44 AM
1 Kudo
Our SBOM management solution (SBOM Insights) generates SBOMs in SPDX, CycloneDX, and human-readable formats, and is compliant with NTIA's minimum standard. It also includes licensing, copyright, associated files, and security data (via associated reports) that goes beyond the minimum standard.
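The two posts above describe searching an imported SBOM by license, vulnerability and PURL, and checking it against NTIA's minimum elements. The script below is an added, stand-alone illustration of those operations over a CycloneDX 1.4 JSON document; it is not Revenera code and does not use the SBOM Insights REST API. The SBOM it reads is constructed for the example, and the component names, PURLs and the vulnerability ID in it are placeholders.

```python
"""Search a CycloneDX SBOM and check it against the NTIA minimum elements.

Added example, not Revenera/Flexera code: the SBOM, the names, the PURLs and
the vulnerability ID below are constructed placeholders for the illustration.
"""
import json

# Constructed sample SBOM (CycloneDX 1.4 JSON). EXAMPLE-0001 is a placeholder
# vulnerability ID, not a real advisory. "libb" deliberately has no supplier.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "serialNumber": "urn:uuid:00000000-0000-0000-0000-000000000001",
    "version": 1,
    "metadata": {
        "timestamp": "2023-03-01T12:00:00Z",
        "authors": [{"name": "Example OSPO"}],
        "component": {"type": "application", "name": "example-app",
                      "version": "2.0.0", "bom-ref": "app"},
    },
    "components": [
        {"type": "library", "name": "liba", "version": "1.2.3",
         "bom-ref": "pkg:maven/org.example/liba@1.2.3",
         "purl": "pkg:maven/org.example/liba@1.2.3",
         "supplier": {"name": "Example Org"},
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "libb", "version": "0.9.0",
         "bom-ref": "pkg:npm/libb@0.9.0",
         "purl": "pkg:npm/libb@0.9.0",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["pkg:maven/org.example/liba@1.2.3",
                                     "pkg:npm/libb@0.9.0"]},
    ],
    "vulnerabilities": [
        {"id": "EXAMPLE-0001",
         "ratings": [{"severity": "high"}],
         "affects": [{"ref": "pkg:npm/libb@0.9.0"}]},
    ],
})

# Per-component NTIA minimum elements: supplier name, component name,
# component version, other unique identifier (PURL used here).
NTIA_COMPONENT_FIELDS = ("supplier", "name", "version", "purl")


def load_sbom(text):
    """Parse a CycloneDX JSON document and reject anything else."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return doc


def components_by_license(doc, license_id):
    """Return the PURLs of components declaring the given SPDX license id."""
    hits = []
    for comp in doc.get("components", []):
        for entry in comp.get("licenses", []):
            lic = entry.get("license", {})
            if license_id in (lic.get("id"), lic.get("name")):
                hits.append(comp["purl"])
                break
    return hits


def component_by_purl(doc, purl):
    """Look up one component by its package URL."""
    for comp in doc.get("components", []):
        if comp.get("purl") == purl:
            return comp
    return None


def vulnerable_components(doc):
    """Map each affected component ref to the vulnerability IDs hitting it."""
    affected = {}
    for vuln in doc.get("vulnerabilities", []):
        for target in vuln.get("affects", []):
            affected.setdefault(target["ref"], []).append(vuln["id"])
    return affected


def ntia_gaps(doc):
    """List (scope, element) pairs for NTIA minimum elements that are missing.

    Document-level elements: author of SBOM data, timestamp, dependency
    relationship. Component-level elements: NTIA_COMPONENT_FIELDS.
    """
    gaps = []
    meta = doc.get("metadata", {})
    if not meta.get("timestamp"):
        gaps.append(("metadata", "timestamp"))
    if not (meta.get("authors") or meta.get("tools")):
        gaps.append(("metadata", "author"))
    if not doc.get("dependencies"):
        gaps.append(("document", "dependency relationship"))
    for comp in doc.get("components", []):
        label = comp.get("purl") or comp.get("name", "?")
        for field in NTIA_COMPONENT_FIELDS:
            if not comp.get(field):
                gaps.append((label, field))
    return gaps


if __name__ == "__main__":
    sbom = load_sbom(SAMPLE_SBOM)
    print("GPL components:", components_by_license(sbom, "GPL-3.0-only"))
    print("vulnerable:", vulnerable_components(sbom))
    print("NTIA gaps:", ntia_gaps(sbom))
```

On the constructed input, the license search returns the npm component, the vulnerability map points EXAMPLE-0001 at that same component, and the NTIA check flags only its missing supplier; a real import would also want the `metadata.component` PURL and the VEX status for each finding, which this example leaves out.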
Mar 03, 2023
03:07 PM
2 Kudos
Hi All,
I am a member of Revenera’s OSPO and cybersecurity teams, and I wanted to make everyone aware that the National Cybersecurity Strategy (https://lnkd.in/gB9Su3mk) was published on March 2nd. Lots of collaboration between the public and private sector went into this strategy and it is a very significant milestone in the ultimate goal of improving the nation's cybersecurity. Whether your organization is a software producer and/or a software buyer, this is worth following for future developments as new legislation follows the strategy.
Here are a few of my initial thoughts:
It is great to see references to the importance of SBOMs
Make sure your security controls are periodically assessed for conformance with emerging risks as these regulations further evolve
Make sure your OSPO and Cybersecurity teams are discussing alignment to mitigate potential product liability problems in the near future
For more information, please take a look at how we can help with SBOM Management at https://www.revenera.com/software-composition-analysis/products/sbom-insights.
Dec 14, 2021
01:52 PM
Thanks for the question Mei. Code Insight v7 will have log4j updated for the 2022 R1 release. Code Insight v6 is still being assessed for impact of performing the Log4j 1x to 2.x update. We will post an update once we have more information.
Jan 26, 2021
04:12 PM
I wanted to take this opportunity to update some 2020 audit stats that I presented at the January SCA office hours.
Upon further review, I realized that I made a mistake in some of the calculations by double-counting some of the values.
Below is a list of updates for the numbers that were presented:
Scanned Files
Total Files Scanned in 2020
Changed from 35M to 17.8M >> down 19% vs. 2019 (22M)
Average Files Scanned in 2020
Changed from 474k to 208k >> up 14% vs. 2019 (182k)
Lines of Code (LOC) Analyzed
Total LOC Analyzed in 2020
Changed from 4B to 2.1B >> down 19% vs. 2019 (2.6B)
Average LOC Analyzed in 2020
Changed from 56.8M to 24.8M >> up 15% vs. 2019 (21.6M)
BOM Items Reported
Total Items in 2020
Changed from 350k to 174k >> up 117% vs. 2019 (80k)
Average Items in 2020
Changed from 4.4k to 2k >> up 203% vs. 2019 (662)
A revised slide deck will be posted on the Revenera Learning Center.
Jan 07, 2021
12:02 PM
2 Kudos
Here's a summary of the 10 office hours sessions we conducted in 2020:
February
Code Insight 2020 R1 Release Overview
March
DevOps with Code Insight
April
Workflow support in FNCI v7
Workflow demo (v6 & JIRA)
Workflow roadmap items
May
Data reuse capabilities
June
Rebranding update
Open Source Programs Discussion (external speakers)
July
Scan Agent Framework Overview
Merged Project Update
Pre/Post Build Scanning Use Cases
Scan Agent Framework Roadmap
August
SCA Updates
Code Insight 2020 R3 Preview
Code Insight 2020 R4 Sneak Peek
September
User Group Feedback
Open Sourcing Code Insight Extensions
2021 Product Themes & Candidate Areas of Focus
October
NVD Sync Issue Update
2020 R4 Update
November
Community update
Code Insight releases update
2021 product roadmap
Brainstorming exercise
Huge thanks to all of the attendees in 2020 and for all of your contributions to the discussions.
We will post the agenda for the January 2021 session soon.
Cheers!
Dec 15, 2020
08:11 PM
My apologies, you are correct, 6.13.0 did not have the Code Aware option, it was added in 6.13.1. So 6.13.0 is not impacted by this issue.
Dec 15, 2020
06:22 PM
Code Insight 6.13.0 6.13.1 had an option to enable Code Aware as a new scan feature. If Code Aware was enabled, then prior to each scan an NVD sync is performed to ensure the latest vulnerabilities are added to the product. This update was impacted by the NVD sync issue which has been resolved in Code Insight 6.14.2.
Dec 15, 2020
11:29 AM
1 Kudo
I have updated the previous post to be more specific. Please let me know if there are further questions.
Dec 14, 2020
09:25 PM
The following releases of Code Insight v6 were impacted by this issue:
6.13.1, 6.13.2, 6.13.3
6.14.0, 6.14.1
Code Insight 6.14.2 contains the fix for this issue. At this point, we do not plan on patching any of these versions.
All previous versions of Code Insight v7 were impacted by this issue. Code Insight 2020 R4 contains the fix for this issue. At this point, we do not plan on patching any previous Code Insight v7 releases.
Nov 04, 2020
02:26 PM
Please refer to the response for your other post that addresses this question: https://community.flexera.com/t5/FlexNet-Code-Insight-Customer/Downloading-vulnerability-information-during-scanning/m-p/168772#M158.
Nov 04, 2020
02:25 PM
Thank you for this question as it is an important part of our data improvement strategy. This response is also related to your previous post (https://community.flexera.com/t5/FlexNet-Code-Insight-Customer/Reduced-time-for-Electronic-Updates/m-p/159809) regarding update processing time.
We currently have several manners by which data is updated in Code Insight:
The Compliance Library (CL) is delivered on disk to customers and provides patterns for exact and source matching for scan server deep scans.
NG-bridge is a new exact match overlay data delivery mechanism that will be released as a beta in 2020 R4. It will provide patterns for exact matching beyond those in the Compliance Library. The NG-bridge will update itself automatically and can support an air-gapped deployment environment where needed. This mechanism will replace future CL deliveries and will become the ongoing way by which exact match data updates are delivered to the product. We are also exploring the feasibility of this approach for source match data.
The electronic update service delivers data updates to Code Insight that includes components, versions, licenses, and vulnerabilities. This update can be automatically run by the product as well as manually invoked by an admin, including in an air-gapped deployment environment.
As part of a scan, the automated detection module has its own update service that handles NVD vulnerability data as well as automated detection rules which drive its functionality.
We are planning the following improvements for 2021:
Fold the automated detection module updates into the electronic update service. This will accomplish two things: (1) a synchronized update process with consistent notifications and alerts, and (2) de-coupling of the update from the scan process which allows updates to occur without the need to scan.
Design work for an incremental update process to speed up the update processing time.
About
Director, Product Management (SCA)