Flexera Launches SBOM Management Functionality in Flexera One IT Visibility to Boost Software Reliability and Security
Flexera One IT Visibility leverages the most trusted and comprehensive source of technology information in the world—Technopedia—to manage software bills of materials
Itasca, IL - February 20, 2024 Flexera, the company that helps organizations maximize business value from their technology investments, today announced the general availability of SBOM management functionality is now included in Flexera One IT Visibility. Flexera enterprise customers increasingly want software bills of materials (SBOMs), which provide inventories of the components included in the mission-critical software they use. The expanded need for enterprise software users to consume SBOMs from their software vendors is driven by increasing governmental regulations, the growing number of open source and third-party components per application, and high levels of cyber threats.
Flexera’s existing SBOM management capabilities are part of the pioneering software composition analysis (SCA) platform historically sold through Flexera’s Revenera division. With this launch, Flexera One IT Visibility supports software buyers' use cases with the same capabilities SCA customers' have relied on for over 15 years. The new SBOM management feature of Flexera One IT Visibility mitigates the increased risks of software vulnerabilities and data breaches. It also drives strategic technology decisions with a clear view of assets down to their component level. Flexera’s SBOM management is well known and regarded by software suppliers for its detailed insights into software components, with a comprehensive compliance library that includes more than 18 million components.
"SBOMs provide critical data about software, including which components, licenses, and security vulnerabilities are in play. SBOMs are therefore essential in order for enterprises to understand their risk profiles and to maintain compliance,” said Alex Rybak, senior director of product management and head of the open source program office (OSPO) at Revenera, a division of Flexera. “Since configuration management databases (CMDBs) are already saturated with data, they're unsuitable for storing SBOMs. The new SBOM management capability of Flexera One IT Visibility proves to be the optimal platform for ingesting first and third-party SBOMs, creating SBOMs to stay on top of security risks that are posed by all components.”
Flexera One IT Visibility delivers a broad range of capabilities, including software vulnerability enrichment and lifecycle management. The addition of SBOM management provides users with sophisticated automation, in-depth scanning capabilities, and cloud-based access. By monitoring software producers, third-party code, and internal modules, Flexera simplifies software complexities, supporting compliance and risk management initiatives.
With the SBOM management functionality of Flexera One IT Visibility, users can:
- Create a comprehensive list of all third-party components in a distributed or hosted app, including components from commercial off the shelf (COTS) and open source software (OSS) components
- Establish a defined relationship between components (i.e. parent/child, dependency, related, etc.)
- Construct, ingest, and export SBOMs in industry standard formats, including SPDX and CycloneDX
- Provide additional reports about your applications’ security posture snapshot, including vulnerability disclosure reports (VDR) and vulnerability exploitability eXchange (VEX) reports.
Organizations can use this SBOM management feature to:
- Ingest third-party SBOMs: When enterprises receive SBOMs from their software vendors and suppliers, Flexera reads in SBOM data to integrate it with the existing information in its Flexera One Technopedia database. This process links the SBOM data to related IT asset information, including vulnerabilities and other risk factors, including end-of-life (EOL) details.
- Construct SBOMs when third-party SBOMs are not delivered: For vendor-supplied software that does not include an SBOM, creating one is essential. When enterprises ask vendors for SBOMs but the vendors are unable to provide them, enterprises can construct their own. Software developed in-house, sourced as software-as-a-service (SaaS), or obtained from external vendors contain a variety of components, such as open source and third-party code, in addition to commercial software. By gathering and analyzing this diverse data, enterprises can develop a cohesive and actionable understanding of their software inventory and manage the associated security risk.
- Assess impact of newly reported security vulnerabilities: When a vulnerability is identified and disclosed for a given application, Flexera One IT Visibility customers will be able to use vulnerability IDs to look up impacted applications and devices on which they are deployed, then rapidly develop mitigation/remediation plans across their IT estate.
More about SBOM management in Flexera One IT Visibility is available at https://www.flexera.com/flexera-one/it-visibility/sbom-management.
Follow Flexera
About Flexera
Flexera helps organizations understand and maximize the value of their technology, saving billions of dollars in wasted spend. Powered by the Flexera Technology Intelligence Platform, our award-winning hybrid IT asset management and FinOps solutions provide comprehensive visibility and actionable insights on an organization’s entire IT ecosystem. This intelligence enables IT, finance, procurement and cloud teams to address skyrocketing costs, optimize spend, mitigate risk, and identifies opportunities to create positive business outcomes. More than 50,000 global organizations rely on Flexera and its Technopedia reference library, the largest repository of technology asset data. Learn more at flexera.com