Attestation Sharing

The Digital Bill of Materials (DBoM) provides the missing layer for policy-controlled attestation sharing between organizations.

Adopting Attestations

Challenges with Attestation Sharing Today

Attestations are the cornerstone of building secure supply chains in any industry. Examples of attestations that we share daily include Software Bills of Materials (SBOMs), Vulnerability Exploitability eXchange (VEX) documents, carbon footprint data and ESG information. However, the following challenges come into play:



Sharing attestations across organizational boundaries in a manageable manner is hard.



They must be published and updated constantly as the components they refer to change.



Attestations come in a variety of formats, so the transport must support on-the-fly conversion for easy integration.

Policy Control

Attestations have the potential to expose organizational IP, so policy-controlled distribution is essential.

What does DBoM do differently?

A New Paradigm for Attestation Sharing

Attestation Sharing Today

Attestations are shared between different people across organizations over emails, shared links and other communication media. Users often have to manually search for this data and ingest it into their tools, sometimes missing essential context.

This is error-prone, hard to trust and difficult to audit from a policy standpoint.

Attestation Sharing with DBoM

Organizations set up policy-controlled channels, on which attestations are automatically notarized and exported using connectors. Downstream consumers subscribe to these channels, and their tools use connectors for ingestion.

This is automated, uses a well-established trust framework and is auditable end-to-end.

Key Features

DBoM Gives You

Attestation Channels

Create broadcast, public and private channels to securely transmit, organize and store attestation data in a policy-controlled manner.


Seamlessly notarize your attestations and verify upstream attestations using pluggable notaries, including Sigstore and Ethereum.


Use a plethora of pre-built connectors that work with your tooling for publishing attestations to channels and digesting attestations from them.

Pub Sub

Get streaming updates to your attestations as changes are published from upstream sources.


Get a chronological history of every creation, update and deletion on your attestation channels.

Modular Microservices Architecture

Easy to Run - Easy to Scale!

DBoM is built on a modular microservices architecture, with pre-packaged Docker-based deployments for development and easy-to-use Kubernetes deployments for production use.

Getting Started With A DBoM Node

Let’s Build The Network Together!

Dive right in with our simple deployments for Docker Compose and Kubernetes. Try DBoM to see the future of supply chain integrity and experience the Internet of Attestations.


Copyright © DBOM Technical Project a Series of LF Projects, LLC
