Being able to query SBOMs across the application portfolio enables the organization to determine the impact rather than wait for each application development team to provide them with individual assessments or waste valuable time scanning each application again, Norton added.
Enforce will automatically create SBOMs, using Syft, an open source framework and library, for container images that do not already have one.
Centralized console
Enforce is also adding a search functionality in the platform’s console, allowing developers to easily search for specific packages, versions, licenses, or a file within their SBOMs.
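The cross-portfolio search described above, as an added example that is not Chainguard's or Enforce's own code: it queries a set of constructed, minimal CycloneDX JSON SBOMs (one per container image, kept in a hypothetical PORTFOLIO dict) by package name, exact version, or license id, so an impact question such as "which images carry this package?" is answered from the SBOMs alone, without rescanning the images.

```python
"""Query a small portfolio of CycloneDX SBOMs by package, version or license."""
import json
from typing import Dict, List, Optional

# Constructed sample SBOMs (minimal CycloneDX 1.4 JSON), keyed by image reference.
# In practice these would be the SBOMs a tool like Syft generated or that were ingested.
PORTFOLIO: Dict[str, str] = {
    "registry.example/payments:1.2": json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [
            {"type": "library", "name": "log4j-core", "version": "2.14.1",
             "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
             "licenses": [{"license": {"id": "Apache-2.0"}}]},
            {"type": "library", "name": "openssl", "version": "3.0.7",
             "purl": "pkg:apk/alpine/openssl@3.0.7",
             "licenses": [{"license": {"id": "Apache-2.0"}}]},
        ],
    }),
    "registry.example/frontend:4.0": json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [
            {"type": "library", "name": "lodash", "version": "4.17.21",
             "purl": "pkg:npm/lodash@4.17.21",
             "licenses": [{"license": {"id": "MIT"}}]},
        ],
    }),
}


def load_components(sbom_json: str) -> List[dict]:
    """Parse one CycloneDX JSON document and return its component list."""
    sbom = json.loads(sbom_json)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("only CycloneDX JSON is handled in this example")
    return sbom.get("components", [])


def licenses_of(component: dict) -> List[str]:
    """Collect SPDX ids (or free-text names) declared for a component."""
    return [e.get("license", {}).get("id") or e.get("license", {}).get("name", "")
            for e in component.get("licenses", [])]


def find_package(portfolio: Dict[str, str], name: str,
                 version: Optional[str] = None) -> Dict[str, List[dict]]:
    """Map image -> matching components for `name` (optionally at exact `version`)."""
    hits: Dict[str, List[dict]] = {}
    for image, sbom_json in portfolio.items():
        matched = [c for c in load_components(sbom_json)
                   if c.get("name") == name and (version is None or c.get("version") == version)]
        if matched:
            hits[image] = matched
    return hits


def find_license(portfolio: Dict[str, str], license_id: str) -> Dict[str, List[str]]:
    """Map image -> names of components declared under `license_id`."""
    hits = {image: [c["name"] for c in load_components(s) if license_id in licenses_of(c)]
            for image, s in portfolio.items()}
    return {image: names for image, names in hits.items() if names}
```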
“Organizations need SBOM management solutions, like what Chainguard is offering, that provide a centralized repository,” Norton said. “As modern applications typically include open source and third-party commercial libraries along with internally developed code, these solutions must be able to ingest SBOMs external to the organization. Further, the solution must be able to reconcile and normalize SBOM data to provide a unified, organization-wide view.”
The centralized console’s search and filter capabilities will further help in investigating vulnerabilities, according to the company. Additionally, Enforce will automatically generate daily vulnerability reports for supported container workloads using Grype, an open source vulnerability scanner developed and maintained by the Anchore project.
Vulnerability reports are created automatically from the SBOM previously generated or ingested for each container image, so each scan is focused on the list of packages actually used in that workload rather than on the image itself.