Adopting Attestations
Challenges with Attestation Sharing Today
Attestations are the cornerstone to building secure supply chains in any industry. Examples of attestations that we share daily include Software Bills Of Materials (SBOMs), Vulnerability Exploitability eXchange (VEXs), Carbon Footprint data and ESG Information. However, the following challenges come into play
Sharing
Sharing attestations across organizational boundaries in a manageable manner is hard
Automation
They must be published and updated constantly as the components they refer to change
Interoperability
There are a variety of formats. The transport must support conversion on the fly for easy integration
Policy Control
They have the potential to expose organizational IP, hence policy controlled distribution is essential
What does DBoM do differently?
A New Paradigm for Attestation Sharing
Attestation Sharing Today
Attestations are shared between different people across organizations over emails, shared links and other communication media. Users often have to manually search and ingest this data into their tools, sometimes missing essential context
This is error prone, hard to trust and is difficult to audit from a policy standpoint
Attestation Sharing with DBoM
Organizations set up policy controlled channels, on which attestations are automatically notarized and exported utilizing connectors. Consumers downstream subscribe to these channels and their tools utilize connectors for ingestion
This is automated, employs use of a well established trust framework and is auditable end-to end
DBoM Gives You
Attestation Channels
Create broadcast, public and private channels to securely transmit, organize and store attestation data in a policy controlled manner
Notary
Seamlessly notarize your attestations and verify upstream attestations using pluggable notaries, including SigStore and Ethereum
Connectors
Use a plethora of pre-built connectors that work with your tooling for publishing and digesting attestations from channels.
Pub Sub
Get streaming updates to your attestations as changes are published from upstream sources
Auditability
Get a chronological history of every creation, update and deletion on your attestation channels
Easy to Run - Easy to Scale!
DBoM is built on a modular microservices architecture, with pre-packaged docker based deployments for development and easy-to-use Kubernetes deployments for production use