The Role of SBOM Management

Flexera SBOM Management gives organizations the ability to manage security and legal risk by maintaining a complete, accurate SBOM in the cloud. This cloud inventory management solution is hosted by Flexera on Amazon Web Services (AWS). It aggregates the SBOM over multiple sources and provides full visibility to security and legal teams as well as to supply chain partners.

The following sections provide more information:

• SBOM Management Data Model

• Data Relationships

Cloud-based SBOM Management Capabilities

SBOM Management offers the following SBOM management capabilities in the cloud:

• Inbound unification and reconciliation of SBOM parts across multiple data sources

• SBOM parts review and remediation

• Complete SBOM visibility to designated users with usage insights

• Outbound SBOM and obligation fulfillment support

Key Use Cases

The following are some use cases for SBOM Management:

• Model the structure (hierarchy) and composition of your applications through data imports (from Code Insight scans and other scan tools, manual disclosures, and automated scans (for example, through scan agents).

• Reconcile and normalize the SBOM across multiple data sources for a single view across your organization and your supply-chain ecosystem.

• Assess the legal and security risk in your applications based on non-compliant SBOM parts.

• Assess the current remediation status and remaining work for non-compliant SBOM parts.

• Assess the impact of the newly reported security vulnerabilities across your portfolio of applications and your supply chain ecosystem.

• Be alerted for new compliance issues over time across your portfolio of applications and your supply chain ecosystem.

• Obtain insights into component and license usage across your portfolio of applications and your supply chain ecosystem.