Automatically generating SBOMs with SCA using Vigiles by NXP
March 2 @ 10:00 am - 12:00 pm
Software products destined for the US market need to be delivered with a Software Bill of Materials. How do you build one?
Vigiles™ is SBOM management, vulnerability monitoring and remediation software from NXP Semiconductors.
The Software Composition Analysis (SCA) tool helps generate a Software Bill of Materials (SBOM) and analyze it for publicly known cybersecurity vulnerabilities, particularly CVEs. Vigiles is optimized for embedded systems and provides a complete vulnerability lifecycle management tool: discovery, prioritization, triaging, remediation, compliance and ongoing monitoring/alerts.
Vigiles software uses advanced scanning and validation algorithms to identify vulnerabilities specific to your projects and software components. Vigiles software filters out the noise. The Vigiles software tracking algorithm produces very high accuracy combined with a very low false positive rate. The result is security management for your project that is streamlined and highly efficient.
Vigiles reports vulnerabilities by analyzing the components in an SBOM (the list of packages and their versions that make up your product) against a Timesys-curated vulnerability database. To generate the SBOM, there are three options:
- Automatic generation: Vigiles integrates directly with build systems (Yocto, Buildroot, OpenWrt, and Timesys Factory) to generate the software SBOM and upload it to Vigiles.
- BOM CSV (manually or externally generated): Vigiles accepts a custom Software BOM in CSV format (for example, obtained from package managers or custom build systems, or hand-generated).
- Create SBOM wizard: Vigiles provides a UI where components can be selected to create a Software BOM.
Once the SBOM is uploaded or created, Vigiles scans the packages listed in it for vulnerabilities and redirects to the CVE Dashboard, which provides tools and information to help remediate them. For ongoing monitoring of new vulnerabilities, sign up for email alerts or run on-demand scans.
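To make the CSV-BOM route and the scan step concrete, here is an added, self-contained illustration; it is not Vigiles or Timesys code and does not use their CSV schema. It assumes a two-column CSV (`name,version`), converts the component list into the CycloneDX JSON shape that the 11.00h agenda item refers to, and matches each component against a small constructed advisory list using a simplified version comparison. The advisory identifiers and version ranges are invented for the demo; a real SCA tool matches against a curated database rather than a hard-coded list.

```python
"""Constructed walk-through of the SBOM -> vulnerability-match workflow.

Not Vigiles code. The CSV column names (name, version), the sample components
and the advisory records below are assumptions made for this example.
"""
import csv
import io
import json
import re
from typing import Dict, List, Tuple

# Constructed CSV SBOM, one component per line (assumed columns: name,version).
SBOM_CSV = """name,version
openssl,1.1.1k
busybox,1.33.1
zlib,1.2.11
"""

# Constructed advisories standing in for a curated vulnerability database.
# Each entry: (package, first affected version inclusive,
#              first fixed version exclusive, advisory id).
# The identifiers are placeholders, not real CVE numbers.
ADVISORIES = [
    ("openssl", "1.1.1", "1.1.1l", "EXAMPLE-2021-0001"),
    ("zlib", "1.2.0", "1.2.12", "EXAMPLE-2022-0002"),
    ("busybox", "1.34.0", "1.35.0", "EXAMPLE-2021-0003"),  # 1.33.1 is outside the range
]


def parse_sbom_csv(text: str) -> List[Dict[str, str]]:
    """Read a CSV SBOM into a list of {'name': ..., 'version': ...} records."""
    rows = csv.DictReader(io.StringIO(text))
    return [{"name": r["name"].strip(), "version": r["version"].strip()} for r in rows]


def to_cyclonedx(components: List[Dict[str, str]]) -> Dict:
    """Wrap the component list in a minimal CycloneDX 1.4 JSON document."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "version": 1,
        "components": [
            {"type": "library", "name": c["name"], "version": c["version"]}
            for c in components
        ],
    }


def version_key(version: str) -> Tuple[Tuple[int, str], ...]:
    """Sort key for dotted versions with optional letter suffixes (e.g. 1.1.1k).

    Each dotted part becomes (numeric prefix, remaining suffix) so that
    1.1.1 < 1.1.1k < 1.1.1l and 1.2.11 < 1.2.12 compare as expected.
    """
    parts = []
    for part in version.split("."):
        num, suffix = re.match(r"(\d*)(.*)", part).groups()
        parts.append((int(num) if num else 0, suffix))
    return tuple(parts)


def is_affected(version: str, first_affected: str, first_fixed: str) -> bool:
    """True if first_affected <= version < first_fixed under version_key ordering."""
    v = version_key(version)
    return version_key(first_affected) <= v < version_key(first_fixed)


def scan(components: List[Dict[str, str]], advisories) -> List[Tuple[str, str, str]]:
    """Return (name, version, advisory id) for every component inside an affected range."""
    findings = []
    for c in components:
        for pkg, lo, hi, adv_id in advisories:
            if c["name"] == pkg and is_affected(c["version"], lo, hi):
                findings.append((c["name"], c["version"], adv_id))
    return findings


if __name__ == "__main__":
    comps = parse_sbom_csv(SBOM_CSV)
    print(json.dumps(to_cyclonedx(comps), indent=2))
    for name, ver, adv in scan(comps, ADVISORIES):
        print(f"{name} {ver}: {adv}")
```

Running the module prints the CycloneDX document followed by two findings (openssl and zlib); busybox 1.33.1 is reported clean because it sits below the advisory's first affected version. Versioned range matching like this is where accuracy is won or lost in practice: vendor-specific suffixes and backported fixes are exactly the cases a curated database has to track.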
During this webinar, NXP will demonstrate Vigiles during the design and after-sale process of a product.
- 10.00h : introduction and context for the webinar, Ulrich Seldeslachts – LSEC – IIoTSBOM
- 10.10h : introduction to NXP & Vigiles
- 10.30h : some examples of SBOM outputs using Vigiles analyses
- 11.00h : connecting Vigiles output SBOMs to CycloneDX, by Luca Gattobigio – LSEC – IIoTSBOM
- 11.15h : the process of integrating Vigiles and requirements
- 11.45h : Q&A and next steps
- 11.55h : wrap-up
- 12.00h : close of webinar
This event is organised in the context of the VLAIO COOCK IIoTSBOM and supported by the Flemish government to ensure collective knowledge transfer of expertise to a wider enterprise community.
The webinar is free to attend, but please register to join the Zoom webinar.
The session will be recorded and made available for further distribution after this session.