Brussels / 3 & 4 February 2024

schedule

Protobom: The Universal I/O Layer of SBOM


In 2022 the Department of Homeland Security, an agency of the US government, announced the formation of an SBOM task force, formed by seven startup companies with a mission to create basic building blocks for the software bill of materials ecosystem.

Out of this effort, the protobom project was born.

Protobom is a project that offers a universal, format-neutral SBOM I/O layer designed to work with SBOM data in a unified way. The project frees developers from caring about the nuisance of ingesting and writing SBOMs. Through a single interface, applications can handle any SBOM format when reading, writing and transforming the data. Protobom is defined in protocol buffers which makes it ideal for storing and transmitting SBOM data. It also means that the project is multilanguage.

On top of the I/O layer, protobom has a rich graph API helping developers query, remix, diff and filter information read from SBOMs. The project is young, but it is already at the core of various supply chain security projects under the OpenSSF umbrella, including SBOMit and OpenVEX.

Join us and explore how protobom abstracts and puts SBOMs at your fingertips!

Speakers

Photo of Adolfo García Veytia Adolfo García Veytia

Links