The Everything Feed - All Packet Pushers Pods

PP087: Why SBOMs Are Cooler and More Useful Than You Think

Nov 18, 2025
In this engaging discussion, DevSecOps expert Natalie Somersall shares her rich experience from Booz Allen Hamilton and GitHub, diving into the world of Software Bills of Materials (SBOMs). She explains how SBOMs serve as crucial inventories for software components, aiding in vulnerability detection and transparency. Natalie also addresses challenges around SBOM adoption and offers insights into their operational value. Additionally, she introduces VEX for enhancing vulnerability context and stresses the importance of collaboration across teams for effective SBOM management.
INSIGHT

What An SBOM Actually Is

  • An SBOM is a machine-readable inventory that lists all components inside a finished software artifact.
  • It reveals third-party and open-source parts so consumers can know what they actually received.
INSIGHT

Two Main SBOM Standards

  • Two main SBOM standards exist: CycloneDX and SPDX, and they are convertible.
  • Vendors may supply either format, so tooling should handle both.
ADVICE

Generate SBOMs From Builds

  • Generate SBOMs from your build process to capture direct and transitive dependencies for reproducible builds.
  • Parse package manifests (requirements.txt, pyproject.toml) and package DBs to improve completeness.
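The advice above is to start from what the build already knows: direct dependencies from the manifests, then resolved versions from the build itself. As an added example that is not from the episode or from any SBOM tool, the script below parses a constructed `requirements.txt` and `pyproject.toml`, normalises package names per PEP 503, emits a minimal CycloneDX-shaped JSON document with `pkg:pypi` purls, and reports which components still have no pinned version. The document layout is the bare minimum of CycloneDX 1.5 (`bomFormat`, `specVersion`, `components`), not a full, validated BOM; a production generator would serialise the full schema and would read the resolved environment or lockfile to fill in the versions this script reports as unresolved.

```python
"""Minimal CycloneDX-shaped SBOM from Python manifests (added example, not from the podcast)."""
import json
import re
from typing import Dict, List, Optional

# Matches the start of a PEP 508 requirement: name, optional extras, optional first version clause.
_REQ_RE = re.compile(
    r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(?:(==|>=|<=|~=|!=|>|<)\s*([^,;\s]+))?"
)


def normalize_name(name: str) -> str:
    """PyPI name normalisation (PEP 503): case-insensitive, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def _parse_spec(spec: str) -> Optional[tuple]:
    m = _REQ_RE.match(spec.strip())
    if not m:
        return None
    name, op, ver = m.groups()
    # Only an exact pin identifies one component; a range stays unresolved until build time.
    return normalize_name(name), (ver if op == "==" else None)


def parse_requirements(text: str) -> Dict[str, Optional[str]]:
    found: Dict[str, Optional[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line or line.startswith("-"):         # skip blanks and pip options (-r, -e, --index-url)
            continue
        parsed = _parse_spec(line)
        if parsed:
            found[parsed[0]] = parsed[1]
    return found


def parse_pyproject(text: str) -> Dict[str, Optional[str]]:
    try:
        import tomllib                               # stdlib on Python 3.11+
        deps = tomllib.loads(text).get("project", {}).get("dependencies", [])
    except ModuleNotFoundError:
        # Fallback for older interpreters (assumption: a plain string array with no ']' inside specs).
        import ast
        m = re.search(r"^dependencies\s*=\s*(\[.*?\])", text, re.S | re.M)
        deps = ast.literal_eval(m.group(1)) if m else []
    found: Dict[str, Optional[str]] = {}
    for spec in deps:
        parsed = _parse_spec(spec)
        if parsed:
            found[parsed[0]] = parsed[1]
    return found


def build_sbom(requirements_txt: str, pyproject_toml: str) -> dict:
    merged: Dict[str, Optional[str]] = {}
    for source in (parse_pyproject(pyproject_toml), parse_requirements(requirements_txt)):
        for name, version in source.items():
            merged[name] = merged.get(name) or version   # keep an exact pin over an unresolved range
    components = []
    for name in sorted(merged):
        version = merged[name]
        comp = {"type": "library", "name": name,
                "purl": f"pkg:pypi/{name}" + (f"@{version}" if version else "")}
        if version:
            comp["version"] = version
        components.append(comp)
    # Minimal CycloneDX 1.5 shape; a real generator fills in metadata, dependencies and hashes.
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1, "components": components}


def unresolved(sbom: dict) -> List[str]:
    """Components whose version the manifests did not pin; a build-time SBOM would fill these in."""
    return [c["name"] for c in sbom["components"] if "version" not in c]


# Constructed sample manifests (not taken from any real project).
REQUIREMENTS_TXT = """\
# constructed sample
requests==2.31.0
urllib3>=1.26,<3      # range only; resolved version unknown until install
PyYAML==6.0.1
-e .
"""
PYPROJECT_TOML = """\
[project]
name = "demo"
dependencies = [
    "requests==2.31.0",
    "cryptography>=41",
]
"""

if __name__ == "__main__":
    bom = build_sbom(REQUIREMENTS_TXT, PYPROJECT_TOML)
    print(json.dumps(bom, indent=2))
    print("unresolved:", unresolved(bom))
```

The `unresolved` list is the practical check: every name it returns is a component the manifests alone cannot pin, which is exactly why the snip recommends generating the SBOM from the build (or a lockfile) rather than from manifests only. Transitive dependencies such as `urllib3` are also invisible to a manifest-only parse unless they happen to be listed, so the build-time pass is what makes the inventory complete.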