The following outline describes how to get started and what to do in order to generate SBOMs. This part is under development; additions will be published periodically, and existing chapters will be updated regularly. Register on IIoTSBOM to be informed about updates and changes.
Step 1: Set out guidelines – Secure Software Development Framework
Step 2: Implement security scanners
Step 3: Identify and manage vulnerabilities
Step 4: Identify and manage dependencies
Step 5: Manage licenses and open source relations
Step 6: Generate SBOM
Step 7: Manage SBOM
Step 8: Dynamically manage vulnerabilities based upon SBOM and VEX
Step 9: Automatically manage vulnerabilities based upon VEX
Step 10: Be confident in the Software Supply Chain Security, but watch out for further improvements.