Sonatype Releases SBOM Manager
March 19, 2024

Sonatype announced SBOM Manager, which provides an integrated approach to managing SBOMs from third-party vendors, alongside those SBOMs created for your own software, powered by Sonatype’s data and security research.

By enabling comprehensive optimization of SBOM management, Sonatype sets a new standard for compliance, scalability, and cybersecurity. Through its seamless management of SBOM generation, collection, categorization, and ongoing monitoring, Sonatype SBOM Manager empowers organizations to achieve unparalleled security and efficiency in their software supply chains, marking a significant advancement on the journey toward integrated and secure software distribution and management.

“Organizations depend upon Sonatype Lifecycle to generate SBOMs in their software supply chains every day, and have for years. But, as software development and distribution continues to evolve, so too do the challenges associated with managing risk, compliance, and technical debt in the third-party software and software components you and your customers rely on,” said Mitchell Johnson, Chief Product Development Officer at Sonatype. “Sonatype’s SBOM Manager was developed with a deep understanding of these challenges as a software supply chain pioneer. Now we are introducing the world’s first easy-to-use solution for organizations to not only comply with emerging regulations, but also to enhance their development productivity and security posture through greater transparency and control.”

Key Features and Benefits of Sonatype SBOM Manager include:

- Comprehensive SBOM Management: a powerful, yet easy-to-use system of record for all SBOMs.
  - Generate both CycloneDX and SPDX SBOM formats with ease to share with internal and external stakeholders such as auditors, regulators, compliance officers, and customers.
  - Ingest and import SBOMs from third-party software, including VEX documents, and analyze them to pinpoint components, vulnerabilities, and contextual policy violations.
  - Monitor for policy violations, manage vulnerability disclosures to partners, and report on application risk in a way that makes it easy to understand across business functions, from procurement, to legal, to software engineering.
  - Store SBOMs from any source to create your own SBOM repository that you can continuously review and manage, ensuring complete visibility and control.

- Enhanced Compliance: Stay ahead of global regulations with tools designed to ensure continuous compliance, reducing the risk of penalties and reputational damage.

- Advanced Security: Proactively identify and mitigate vulnerabilities within the software supply chain, enhancing your security posture and protecting against potential breaches.

- Strategic Advantage: Leverage Sonatype's superior data and deep expertise in SBOMs and component scanning to gain a competitive edge in software security and compliance.

- Optimized Efficiency: Sonatype SBOM Manager significantly reduces the manual effort and complexity involved in handling SBOMs by automating SBOM generation, management, and monitoring. It also helps prioritize which issues need to be addressed first, directly in the workflow.

“With new regulations pushing for SBOMs, many are left wondering what to do with them. Without practical application, SBOMs risk being ignored and merely filed away,” said Brian Fox, CTO of Sonatype. “At Sonatype, we address this issue head-on. Our SBOM Manager turns these ingredient lists into actionable assets, allowing organizations to actually use their SBOMs for improving security and compliance. It’s about making SBOMs work for you, not just collecting them.”

Currently available for preview, the Sonatype SBOM Manager will be generally available in June 2024.
