sneSCM.org

Specialist Network of Excellence in Software Configuration Management


Configuration Management Coffee Meeting

Time: Wednesday, June 11th, 2025, 15:15-16:00 (CET).

Place: Room E:2116, LTH, Lund or online at your own computer.

Title: Wringing value out of eSBoMs

Hosts: Andreas Bergqvist and Karl-Philip Ble Cato, Lund University and ABB.

Legislative actions in both the European Union and the United States have sparked discussions about the Software Bill of Materials (SBoM) as a means of enhancing transparency in the software supply chain. This case study investigates how SBoMs can be leveraged throughout the development process.

Interviews were conducted with fourteen employees to identify the key data points of interest and how they are used. The results were compiled into a use case catalogue and a set of data points. The catalogue is organised around archetypes that group related use cases for readability.

This study defines a standard SBoM that meets the requirements set by the technical guidelines interpreting European and American cybersecurity legislation. Our set of data points is then compared against this standard SBoM to identify which of them are extensions. Most use cases can be achieved with standard data points alone, which further argues for early SBoM adoption. In addition, a data gap was identified that an extended SBoM (eSBoM) could address.

In this study the SBoM is generated within the CI/CD pipeline to enable automation, demonstrating an effective way of incorporating SBoMs early in the development process. Accompanying the component it describes, the SBoM can also improve transparency internally.

Registration is mandatory by email to Lars Bendix (bendix@sneSCM.org).

When you register, please state whether you want to attend in person or online, and include your name and a question, problem or aspect that you would like the hosts to address during the CMCM.