Import (via REST API) & manage the software libraries for your services (SBOM)

Understanding your technological footprint, and managing risks that you inherit by using third-party software, has become an essential and mandatory task to successfully build great and secure digital products.

VSM now allows you to easily import software library data (via REST API) for your services.

This has been a widely requested feature, as it allows product teams to understand their end-to-end technological footprint and risk, and become able to answer questions such as:

• Is my service XYZ using log4j library version 1.0.0?

• Which services & teams are using the log4j library 1.0.0? Are they a security risk?

We’ve built an API that allows you to send CycloneDX SBOM (software bill of materials) files for a given service.

CycloneDX is an open-source initiative supported by many large software companies, to streamline how you describe your software, including its components. One of which is the used third-party library.

Read more on how to use the API in our user documentation or see a hands-on tutorial with Jenkins as a CI/CD tool.