Software supply chain security for your distribution chain

Introducing SBOM360 Hub

Publish, Share & Use compliant SBOMs with confidence

Javed Hasan
May 17, 2023

Today, Lineaje is proud to introduce the industry’s first comprehensive SBOM Exchange, SBOM360 Hub, for the complex software distribution chain.

What does SBOM360 Hub do?

SBOM360 Hub connects software producers, software consumers (customers), and software sellers (sales organizations at software producers, software distributors, and software resellers), enabling them to publish, share and use compliant SBOMs and related compliance artifacts.

As Executive Order 14028 takes effect starting September 2023, software producers and their distribution chain will see significant friction unless they can deliver SBOMs and linked attestation artifacts to their customers. This creates challenges for software sellers across the distribution chain as they scramble to acquire SBOMs from producers and share SBOMs and related artifacts with evaluators and buyers. Software consumers need access to their vendors’ SBOMs and related artifacts to evaluate them and assess compliance. The SBOM360 Hub addresses these needs directly.

Who uses SBOM360 Hub?

With the SBOM360 Hub, organizations can manage their software distribution chain with a unified platform that enables frictionless sales between the producers and consumers of software.

  • Software Producers and Sellers can now create and publish approved, attested, assessed, compliant SBOMs, self-attestation forms, and related artifacts for their products, map them to SKUs they sell, and share privately with their customers and distribution chain in a timely manner.
  • Software Distributors and Resellers can request SBOMs and related artifacts from their vendors, make them available to their n-tier distribution (or distribution channels), and share them with their customers with a single click.
  • Software Consumers can simply subscribe to SBOM360 Hub, and search and request access to specific vendor SBOMs and related artifacts in one location. They can also communicate directly with their vendors to request all SBOMs and related artifacts needed for evaluation, purchase, and compliance.

Since all software is dynamic, the SBOM360 Hub provides automated notifications as software changes, new versions are released, or as new vulnerabilities, weaknesses, IOCs, etc. in the software become known. The SBOM360 Hub provides comprehensive security profiles of all open-source dependencies of these commercial products.

Users can search their SBOMs, their vendors’ SBOMs, and their entire dependency chain for vulnerabilities, threats, provenance, suppliers, or any of the more than 150 attributes providers give access to, in seconds.

Each version of every piece of software is assessed by the SBOM360 Hub, so users can identify trends in the security profile of each software component. This enables better roadmap planning and collaboration across the software distribution chain.

SBOM360 Hub: Bringing trust back into software

The SBOM360 Hub has been designed with all stakeholders in the software distribution chain. SBOM360 Hub aligns visibility between software producers and software consumers while providing software sellers the match-making ability to ensure software commerce is not impacted. SBOM360 Hub creates a safe, transparent & collaborative exchange.

SBOM360 Hub is feature rich. Key features include:

Private, secure & searchable

Software producers can now publish SBOMs for their specific distribution chain with restricted sharing, ensuring their privacy. All SBOMs are encrypted if downloaded but visible to, and shareable with, all stakeholders.

Compliant SBOMs & compliance artifacts

SBOM360 Hub generates a compliance report (Does your SBOM meet EO14028 minimum compliance requirements?) and compliance artifacts (SDLC attestations and component-level attestations) for each version of each product, ensuring that your distribution chain can continue to support your business seamlessly. These sets of documents are digitally linked and immutably notarized so the distribution chain and software consumers can use untampered, attested SBOMs that are tied to specific versions.

SBOM publishing with controlled SBOM depth & width

SBOM360 Hub allows organizations to publish their SBOMs and compliance artifacts at Minimum, Recommended, or Custom depths, giving agencies the ability to request more detailed information in compliance with Executive Order 14028.

SKU SBOMs or Product SBOMs: What’s your poison?

Software producers offer multiple versions of the same product, configured differently: with features enabled and disabled, language support, specific compliance needs, various form factors, various operating systems supported, and various target segments. These versions are packaged and sold as SKUs through the distribution chain, and SKUs are what software consumers, distributors, and resellers interact with.

With SBOM360 Hub, software producers can create and publish SBOMs for both their products and their SKUs, which is useful for products that have multiple SKUs.

Customer invitations, requests & sharing with full visibility.

The SBOM360 Hub is a private, secure, and collaborative workspace for software producers, consumers, resellers, and distributors to participate in the ecosystem easily. New members can be invited with a single click, allowing for easy sharing across the distribution chain.

Subscribe to ALL SBOMs in one location!

Software consumers now have the option to request their vendors’ SBOMs or be invited to access them. Just as software producers can now publish all their SBOMs to their entire distribution chain in one place, software consumers can now use SBOM360 Hub to subscribe to their vendors’ SBOMs and manage their entire software supply chain in one location. They can also subscribe to specific notifications, such as when new versions are available or when new vulnerabilities are found. SBOM360 Hub assessment engines continuously scan all subscribed SBOMs and provide automated notifications for relevant updates, like newly discovered critical vulnerabilities.

Software distributors & resellers

SBOM360 Hub allows for seamless software distribution while promoting collaboration and interaction between vendors and customers to improve the software that they both rely on.

The SBOM360 Hub upload API is compatible with any SBOM creation tool your organization may have chosen.

Pricing

Start with a free trial as a software producer, consumer, distributor, reseller, or system integrator. SBOM360 Hub is very attractively priced for our early customers. Take a look at our website and start now.

Getting started and availability

SBOM360 Hub is available immediately for Early Access. Go to SBOM360Hub.com, create an account and get started.


Published in Lineaje

Written by Javed Hasan

Co-Founder & CEO Lineaje Inc.