In-Depth Review: How Accurate Are Today’s SBOM Tools

As the spotlight on software supply chain security intensifies, the call to adopt Software Bills of Materials (SBOMs) grows louder. To help developers with this task, several SBOM generation tools have emerged, with Trivy and Syft leading the pack. These tools, boasting thousands of stars on GitHub and widespread integration in CI/CD pipelines, promise to simplify SBOM generation. The pressing question, however, remains: how accurate are they? To answer it, we conducted a thorough evaluation, documented in a comprehensive white paper. This blog post serves as a condensed overview, highlighting the notable issues discovered during our evaluation. For a more in-depth treatment, readers are encouraged to consult the white paper.
