SBOMit

The SBOMit specification is a SBOM format independent method for attesting components with additional verification information. These attestation are generated at the time the supply chain was generated.

This verification information, which uses in-toto attestations and layouts, is able to be validated by a party to get a high degree of assurances about the software.

Specification

Copyright © 2024 The Linux Foundation® . All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use.

SBOMit

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Get the latest announcements, event info, and the community news in your inbox

SBOMit

We envision a future where OSS is universally trusted, secure, and reliable. Join us in making open source more secure.

Subscribe to the OpenSSF Newsletter!

Get the latest announcements, event info, and the community news in your inbox