Endevor Adds SBOM Support to Secure the Software Supply Chain

Broadcom Employee
Posted Feb 01, 2023 01:47 PM

Endevor now includes a software bill of materials (SBOM) generation tool for z/OS known as sbomz. You can issue the sbomz command from z/OS UNIX to generate an SBOM from an Endevor location, an Endevor package, a Team Build project, or z/OS files and data sets. sbomz is part of core Endevor, available via a PTF, and is also included in Team Build for convenience.

sbomz helps organizations secure their mainframe software supply chains against attacks by enabling development teams to provide transparent, verifiable proof that the software, and how it was produced, are free from compromise and tampering. Further, the US Executive Order on Improving the Nation's Cybersecurity and the EU Cyber Resilience Act, brought about by recent software supply chain attacks, will require SBOMs to be included with software distributions going forward.

Similar to the ingredients label and tamper-proof seal you see on medicine at the store, sbomz produces a cryptographically signed SBOM for mainframe software. The SBOM describes the software, how it was produced, etc., and the cryptographic signature is the seal that can be verified to ensure the contents have not been changed.

Where can I learn how to get started?
A great way to start is by reviewing the blog "Is Your Mainframe Software Supply Chain Secure?" on the Modern Mainframe blog site. This blog will help provide context for the importance of the tool and how it helps integrate the mainframe with other tools in the software supply chain security landscape. Feel free to reach out if you have any questions.