Software Bill of Materials Tool Open Sourced

• Salus is an open-source Microsoft tool for generating software bills of materials, which are typically created during build processes.
• It could help organizations ensure that software is built with secure components and identify dependencies that might otherwise be overlooked.

Salus produces a software bill of materials (SBOM) that itemizes the contents and dependencies of applications. The SBOM includes details such as sources and version numbers of included packages and hashes that can help determine if copies of the software have been altered. However, Salus does not provide features beyond generating the SBOM, such as active security enforcement or inventorying capabilities, and customers must confirm that the itemized components are current and secure with separate processes.

Documenting Build Contents

Modern software applications and services frequently rely on externally sourced libraries and packages, many of which are published as open source. Tracking the dependencies across builds, projects, and teams can be complex, especially as the dependencies are updated with features and improvements, such as those that address security vulnerabilities.