December 05, 2022

What is an SBOM (Software Bill of Materials)?

Understand why SBOMs are vital to covering your cloud estate and better securing your environments.

What is an SBOM?

An SBOM, or Software Bill of Materials, is an inventory of the software components and associated metadata that make up a software product. The need for an SBOM was codified in a bill approved in September 2022 by the US Senate Homeland Security and Governmental Affairs Committee, which aims to “improve the visibility, accountability, and oversight of agency software asset management practices.”

Essentially, the SBOM aims to give organizations a clear view of the third-party software components they use, so they can better secure them and avoid software supply chain compromises.

Putting the SBOM into Practice in Your Cloud

SBOM Coverage of Your Cloud with Lightspin

We are excited to announce a new feature: an SBOM inventory for workloads covered by our agentless workload scanning across AWS, Azure, and GCP. The relevant workloads are EC2 instances (AWS), Virtual Machines (Azure), and Compute Engine instances (GCP).

Lightspin's new capability collects the SBOM from the filesystem of every scanned workload. The packages are tracked over time and correlated with the vulnerabilities (CVEs) discovered in them.

The SBOM is available as an additional tab on the asset page for the scanned workload in our Dashboard. Packages can be searched through the tab's search panel or exported in CycloneDX JSON format.

OWASP CycloneDX is a lightweight SBOM standard designed for use in application security contexts and supply chain component analysis.
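As an added illustration (not part of the original post and not Lightspin's own code), the following shows how a defender can consume a CycloneDX 1.4 JSON export like the one described above and correlate each package with the vulnerabilities recorded against it. The SBOM document, package names and CVE identifiers are constructed placeholders; the structure follows the CycloneDX 1.4 JSON schema, where each entry in `vulnerabilities[].affects[].ref` points at a component's `bom-ref`.

```python
import json

# Constructed CycloneDX 1.4 document with placeholder packages and CVE ids
# (not a real export). "affects[].ref" refers to a component's "bom-ref".
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "version": 1,
    "components": [
        {"type": "library", "bom-ref": "pkg:deb/debian/examplelib@1.0.0",
         "name": "examplelib", "version": "1.0.0",
         "purl": "pkg:deb/debian/examplelib@1.0.0"},
        {"type": "library", "bom-ref": "pkg:pypi/exampletool@2.3.1",
         "name": "exampletool", "version": "2.3.1",
         "purl": "pkg:pypi/exampletool@2.3.1"},
    ],
    "vulnerabilities": [
        {"id": "CVE-0000-00001", "ratings": [{"severity": "critical"}],
         "affects": [{"ref": "pkg:deb/debian/examplelib@1.0.0"}]},
        {"id": "CVE-0000-00002", "ratings": [{"severity": "medium"}],
         "affects": [{"ref": "pkg:deb/debian/examplelib@1.0.0"}]},
        # A finding whose ref matches no inventoried component: flag it, never drop it.
        {"id": "CVE-0000-00003", "ratings": [{"severity": "high"}],
         "affects": [{"ref": "pkg:npm/not-in-inventory@9.9.9"}]},
    ],
})


def load_bom(text):
    """Parse a CycloneDX JSON SBOM, rejecting documents of another format."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return bom


def correlate(bom):
    """Map every bom-ref to its package and the (CVE id, severity) pairs affecting it.
    Also return vulnerability refs that match no component, so nothing is silently lost."""
    inventory = {c["bom-ref"]: {"name": c["name"], "version": c.get("version", ""), "cves": []}
                 for c in bom.get("components", []) if "bom-ref" in c}
    dangling = []
    for vuln in bom.get("vulnerabilities", []):
        severity = (vuln.get("ratings") or [{}])[0].get("severity", "unknown")
        for target in vuln.get("affects", []):
            ref = target.get("ref")
            if ref in inventory:
                inventory[ref]["cves"].append((vuln["id"], severity))
            else:
                dangling.append((vuln["id"], ref))
    return inventory, dangling
```

Running `correlate(load_bom(SAMPLE_BOM))` on this sample yields two CVEs against examplelib, none against exampletool, and one dangling finding to investigate.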

[Screenshot of the Lightspin platform: clicking "Show More" displays the correlated vulnerabilities (CVEs)]

Lightspin’s Cloud Native Application Protection Platform (CNAPP) provides real-time insights into risks across your entire cloud environment, scanning your multi-account and multi-cloud environments for complete visibility of your cloud estate.

Lightspin’s agentless solution provides a complete asset inventory and details the critical vulnerabilities discovered, using the Attack Path Engine at the core of its technology to surface the most critical risks and offer dynamic remediation recommendations.

To find out more about how Lightspin can help you achieve your cloud SBOM goals, start a free trial today.


About Lightspin

Lightspin’s context-based cloud security empowers cloud and security teams to eliminate risks and maximize productivity by proactively and automatically detecting all security risks, smartly prioritizing the most critical issues, and easily fixing them. For more information, visit