Currently, SBOMs are generated using automated tools, which could lead to incorrect or missing data. To ensure the correctness and completeness of the SBOM data, the SBOM needs to be properly augmented and enriched. Once it has been brought up to a good quality standard, signing it ensures authenticity and trust. This workflow bridges the gap between raw SBOM generation and releasing a reliable, production-ready SBOM.
Reference: https://github.com/SBOM-Community/SBOM-Generation/blob/main/whitepaper/Draft-SBOM-Generation-White-Paper-Feb-25-2025.pdf