Software Bill of Materials (SBOM)

CloudShark provides Software Bills of Materials (SBOMs) to help organizations meet modern security and compliance requirements. This document explains what SBOMs are, why they are important, and how to obtain them for your CloudShark deployment.

What is an SBOM?

A Software Bill of Materials (SBOM) is a comprehensive inventory of all software components, libraries, and dependencies used in CloudShark. Similar to a bill of materials in manufacturing, an SBOM provides complete transparency into the software supply chain by listing every component, including:

  • Open source libraries and their versions
  • Third-party dependencies
  • Software licenses
  • Component relationships and dependencies

Why Organizations Need SBOMs

As cybersecurity and supply chain transparency become increasingly critical, more enterprises are requiring SBOMs as part of their software purchasing and compliance policies. SBOMs enable organizations to:

  • Assess Security Risks: Quickly identify if your deployment contains components with known vulnerabilities
  • Ensure Compliance: Meet regulatory requirements and internal security policies
  • Manage Software Supply Chain: Understand and track all components in your software infrastructure
  • Respond to Vulnerabilities: Rapidly determine if newly discovered vulnerabilities affect your deployment
  • License Compliance: Verify that all software components meet your organization’s licensing requirements

Many government agencies and large enterprises now mandate SBOM documentation as a prerequisite for software procurement, following guidelines from organizations like CISA (Cybersecurity and Infrastructure Security Agency) and NTIA (National Telecommunications and Information Administration).

SBOM Formats and Standards

CloudShark SBOMs follow industry-standard formats to ensure compatibility with your existing security and compliance tools. To learn more about SBOM formats and standards:

  • CycloneDX - An open source SBOM standard designed for security and supply chain analysis
  • SPDX - Software Package Data Exchange, an open standard for communicating software bill of materials information
  • CISA SBOM Resources - U.S. government guidance on SBOM implementation and best practices
  • NTIA Minimum Elements for SBOM - Framework defining the minimum required elements for SBOMs
  • EU Cyber Resilience Act (CRA) - EU regulation introducing mandatory cybersecurity requirements for digital products
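As an added illustration (not CloudShark's code, and not a real CloudShark SBOM), the snippet below reads a constructed CycloneDX JSON document and answers the two questions the sections above describe: whether any component falls inside a known-vulnerable version range, and whether every component's license is on an organization's allowlist. The advisory ids, component names and allowlist are all made up for the example.

```python
import json

# Constructed CycloneDX 1.5 JSON document (illustrative, not a real CloudShark SBOM).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "libexample", "version": "1.2.3",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "parserlib", "version": "2.0.1",
         "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
    ],
})
# Constructed advisories: id -> (component, first affected version, first fixed version).
ADVISORIES = {
    "EXAMPLE-ADV-001": ("parserlib", "2.0.0", "2.0.2"),
    "EXAMPLE-ADV-002": ("libexample", "1.0.0", "1.2.0"),
}
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}  # hypothetical org policy

def parse_version(v):
    """Turn a dotted numeric version string into a comparable tuple."""
    return tuple(int(p) for p in v.split("."))

def load_components(sbom_json):
    """Yield (name, version, set of SPDX license ids) for each component in the SBOM."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    for c in doc.get("components", []):
        ids = {lic.get("license", {}).get("id", "") for lic in c.get("licenses", [])}
        yield c["name"], c["version"], ids

def find_affected(sbom_json, advisories=ADVISORIES):
    """Map advisory id -> component whose version lies in [first affected, first fixed)."""
    hits = {}
    for name, version, _ in load_components(sbom_json):
        v = parse_version(version)
        for adv_id, (adv_name, first, fixed) in advisories.items():
            if adv_name == name and parse_version(first) <= v < parse_version(fixed):
                hits[adv_id] = f"{name}@{version}"
    return hits

def find_license_violations(sbom_json, allowed=ALLOWED_LICENSES):
    """List components carrying any license outside the organization's allowlist."""
    return sorted(f"{n}@{v}" for n, v, ids in load_components(sbom_json) if not ids <= allowed)

if __name__ == "__main__":
    print(find_affected(SAMPLE_SBOM))            # {'EXAMPLE-ADV-001': 'parserlib@2.0.1'}
    print(find_license_violations(SAMPLE_SBOM))  # ['parserlib@2.0.1']
```

In practice the advisory table would be fed from a vulnerability database keyed on the component's purl or CPE rather than a hand-written dict, and the version comparison would need to follow each ecosystem's versioning rules.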

Obtaining CloudShark SBOMs

CloudShark SBOMs are available to customers upon request. To receive an SBOM for your CloudShark deployment or if you have questions about compliance requirements, please contact customer support at support@qacafe.com.