Standardizing Attestation Sharing

The Digital Bill of Materials (DBoM) provides the missing layer for policy-controlled attestation sharing between organizations.

Adopting Attestations

Challenges with Attestation Sharing Today

Attestations are the cornerstone of building secure supply chains in any industry. Examples of attestations that are shared daily include Software Bills of Materials (SBOMs), Vulnerability Exploitability eXchange (VEX) documents, carbon footprint data and ESG information. However, sharing them raises the following challenges:

Sharing

Sharing attestations across organizational boundaries in a manageable manner is hard.

Automation

Attestations must be published and updated constantly as the components they refer to change.

Interoperability

Attestations come in a variety of formats; the transport must support on-the-fly conversion for easy integration.

Policy Control

Attestations can expose organizational IP, so policy-controlled distribution is essential.

What does DBoM do differently?

A New Paradigm for Attestation Sharing

Attestation Sharing Today

Attestations are shared between people across organizations over email, shared links and other communication media. Users often have to manually search for this data and ingest it into their tools, sometimes missing essential context.

This is error-prone, hard to trust and difficult to audit from a policy standpoint.

Attestation Sharing with DBoM

Organizations set up policy-controlled channels on which attestations are automatically notarized and exported using connectors. Consumers downstream subscribe to these channels, and their tools use connectors for ingestion.

This is automated, builds on a well-established trust framework and is auditable end-to-end.

Key Features

DBoM Gives You

Attestation Channels

Create broadcast, public and private channels to securely transmit, organize and store attestation data in a policy-controlled manner.

Notary

Seamlessly notarize your attestations and verify upstream attestations using pluggable notaries, including SigStore and Ethereum.

Connectors

Use a range of pre-built connectors that work with your tooling for publishing attestations to channels and ingesting attestations from them.

Pub Sub

Get streaming updates to your attestations as changes are published from upstream sources.

Auditability

Get a chronological history of every creation, update and deletion on your attestation channels.

Modular Microservices Architecture

Easy to Run - Easy to Scale!

DBoM is built on a modular microservices architecture, with pre-packaged Docker-based deployments for development and easy-to-use Kubernetes deployments for production use.

Getting Started With A DBoM Node

Let’s Build The Network Together!

Dive right in with our simple deployments for Docker Compose and Kubernetes. Try DBoM to see the future of supply chain integrity and experience the Internet of Attestations.


Copyright © DBOM Technical Project a Series of LF Projects, LLC

For website terms of use, trademark policy and other project policies, please see https://lfprojects.org