SBOMit – Open Source Security Foundation

The SBOMit specification is a SBOM format independent method for attesting components with additional verification information. These attestation are generated at the time the supply chain was generated.

This verification information, which uses in-toto attestations and layouts, is able to be validated by a party to get a high degree of assurances about the software.

Specification

GitHub

Copyright © 2024 The Linux Foundation® . All rights reserved. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our Trademark Usage page. Linux is a registered trademark of Linus Torvalds. Privacy Policy and Terms of Use.

Subscribe to the OpenSSF Newsletter!

Get the latest announcements, event info, and the community news in your inbox