Microsoft is open sourcing its software bill of materials (SBOM) tool Salus to help the technology industry and IT decision-makers better understand the security of their tools and their dependencies on the software supply chain.
SBOMs have recently been given heightened importance after several high-profile cybersecurity flaws in popular software products led to widespread exploitation and attacks. That includes Log4Shell, the critical zero-day vulnerability in Log4j that allows attackers to send a specially crafted request to a vulnerable system, execute arbitrary code and take control of the targeted system.
SBOMs, essentially a list of ingredients and software packages included in an end product, are a key requirement in President Joe Biden’s executive order on improving cybersecurity.
Microsoft calls the Salus SBOM tool a “general purpose, enterprise-proven, build-time SBOM generator” that works across Windows, Linux and Mac platforms and uses the standard Software Package Data Exchange (SPDX) format.
The company says Salus can be integrated into build workflows and auto-detect NPM, NuGet, PyPI, CocoaPods, Maven, Golang, Rust Crates, RubyGems, Linux packages within containers, Gradle, Ivy, GitHub public repositories, and more through Component Detection. Microsoft will be adding more detectors to the Component Detection tool.
Documents created by Salus contain four main sections: document creation information (software name, SPDX license, SPDX version, who created the document and when it was created); a list of the files that make up the piece of software; a list of the packages used when building the software; and a list of relationships between the different elements of the SBOM.
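To make those four sections concrete, here is an added example (not code from Microsoft or the Salus project) that builds a constructed minimal SPDX 2.2 JSON document with all four, then runs two checks a consumer of such a file would want: that every relationship points at an element the document actually declares, and what a given package depends on. It assumes the JSON serialization of SPDX; all IDs, names and versions are hypothetical.

```python
import json
# Constructed minimal SPDX 2.2 JSON document (hypothetical values, not
# real Salus output) showing the four sections the article lists.
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.2", "dataLicense": "CC0-1.0",
    "SPDXID": "SPDXRef-DOCUMENT", "name": "example-app",
    "creationInfo": {"created": "2022-07-12T10:00:00Z",
                     "creators": ["Tool: example-generator"]},
    "files": [{"fileName": "./bin/app.dll", "SPDXID": "SPDXRef-File-app"}],
    "packages": [
        {"name": "example-app", "SPDXID": "SPDXRef-RootPackage", "versionInfo": "1.0.0"},
        {"name": "example-lib", "SPDXID": "SPDXRef-Package-lib", "versionInfo": "2.3.4"}],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-RootPackage"},
        {"spdxElementId": "SPDXRef-RootPackage", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-Package-lib"},
        {"spdxElementId": "SPDXRef-RootPackage", "relationshipType": "CONTAINS",
         "relatedSpdxElement": "SPDXRef-File-app"},
        # Deliberately dangling: no element with this ID is declared anywhere.
        {"spdxElementId": "SPDXRef-RootPackage", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-Package-missing"}]})

def load_sbom(text):
    """Parse SPDX JSON and require the four sections the article names."""
    doc = json.loads(text)
    for key in ("creationInfo", "files", "packages", "relationships"):
        if key not in doc:
            raise ValueError(f"SBOM is missing the {key} section")
    return doc

def dangling_references(doc):
    """Relationship endpoints that name no declared element (a broken SBOM)."""
    ids = {doc["SPDXID"]}
    ids.update(e["SPDXID"] for e in doc["files"] + doc["packages"])
    bad = []
    for rel in doc["relationships"]:
        for end in (rel["spdxElementId"], rel["relatedSpdxElement"]):
            if end not in ids and end not in ("NOASSERTION", "NONE"):
                bad.append(end)
    return bad

def dependencies_of(doc, spdx_id):
    """(name, version) of every declared package that spdx_id DEPENDS_ON."""
    pkgs = {p["SPDXID"]: p for p in doc["packages"]}
    targets = [r["relatedSpdxElement"] for r in doc["relationships"]
               if r["spdxElementId"] == spdx_id and r["relationshipType"] == "DEPENDS_ON"]
    return [(pkgs[t]["name"], pkgs[t].get("versionInfo", "NOASSERTION"))
            for t in targets if t in pkgs]
```

A dangling relationship means the file cannot be trusted to describe the full dependency set, which is exactly the gap an SBOM is meant to close.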
The Salus SBOM tool can also reference other SBOM documents for a larger view of dependencies, according to a Microsoft blog penned by two product and program managers.
“Microsoft wants to work with the open-source community to help everyone be compliant with the Executive Order,” the pair wrote. “Open sourcing Salus is an important step towards fostering collaboration and innovation within our community, and we believe this will enable more organizations to generate SBOMs as well as contribute to its development.”