IDEA/SOLUTION

PROBLEM STATEMENT: Design, develop and implement a software bill of materials (SBOM) generation tool that can generate the complete SBOM of custom-developed software, including in-house developments by organizations.

PROPOSED SOLUTION: A user-interactive platform that automatically generates a Software Bill of Materials for any application. The platform is built from four components:

PROGRAMMING LANGUAGE IDENTIFICATION: Detect which programming language each source file is written in, using Pygments lexer guessing together with a machine-learning classifier. Pygments' guess is heuristic (it scores the file against each lexer's patterns), so the classifier covers files the heuristic misidentifies.

ANALYSIS & VULNERABILITY PREDICTION: Depending on the detected language, the matching tooling is used to extract the dependencies from the code and check for vulnerabilities. For Python, pipreqs infers the imported packages and Bandit scans the source for insecure code patterns. Note that Bandit reports weaknesses in the project's own code (for example unsafe deserialization or hardcoded credentials); it does not look up known vulnerabilities in the extracted dependencies, so that check needs the package versions to be matched against a vulnerability database.

COMPLIANCE ASSESSMENT RULE ENGINE: A rule engine written in Python that evaluates the extracted components against configured rules and warns users when any deviation is found.

SBOM APPLICATION: A web-based application through which users access the retrieved information and learn what their software contains.

USE CASES:

ORGANIZATIONS: Helps organizations check open-source components and their licenses, ensuring compliance with licensing requirements and avoiding legal issues.

CYBER SECURITY: Identifies the risks of using certain components before deployment, making it easier to assess and mitigate vulnerabilities in the software supply chain.

THIRD-PARTY VENDOR MANAGEMENT: When dealing with third-party vendors, SBOMs can be used to verify the software components used in the products or services being provided.

SCALABILITY: The application can be deployed at larger scale to make users aware of what is in their software.

SOFTWARE AUDITING: SBOMs enable software auditing and verification, ensuring that the software components used align with organizational policies and standards.

DEPENDENCIES: Libraries or tools capable of generating SBOMs in standard formats. Security tools for the application development process, including tools for vulnerability
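As an added example written for this page (not the project's own code), the following Python sketches the middle of the pipeline described above: it parses a pipreqs-style requirements.txt, emits a minimal CycloneDX-shaped SBOM (one of the standard formats mentioned under DEPENDENCIES) with Package URLs, and runs a small rule engine over the components. The requirements content, the license lookup table, the license allowlist and the version deny list are all constructed for the example; a real deployment would pull license data from package metadata and the deny list from a vulnerability database.

```python
"""Added illustrative example (not the project's own code): turn a pipreqs-style
requirements file into a minimal CycloneDX-shaped SBOM and run a small policy
rule engine over it. License data, allowlist and deny list are constructed."""
import json
import re
from typing import Callable, Dict, List, Tuple

# Constructed sample input of the kind pipreqs writes to requirements.txt.
SAMPLE_REQUIREMENTS = """\
requests==2.25.1
flask==2.3.2
PyYAML
# comment line, ignored
cryptography>=41.0.0
"""

# Assumed policy data; a real deployment would load these from configuration.
ALLOWED_LICENSES = {"MIT", "BSD-3-Clause", "Apache-2.0"}
# Constructed license lookup standing in for a package-metadata query (pyyaml
# deliberately absent so the "unknown license" rule has something to catch).
LICENSE_DB = {"requests": "Apache-2.0", "flask": "GPL-3.0-only",
              "cryptography": "Apache-2.0"}
# Constructed (package, version) pairs an upstream scanner has flagged.
DENIED_VERSIONS = {("requests", "2.25.1")}

REQ_LINE = re.compile(r"^([A-Za-z0-9_.\-]+)\s*(==|>=|<=|~=|!=|>|<)?\s*([^\s;#]*)")


def parse_requirements(text: str) -> List[Dict]:
    """Parse requirement lines into name/version records.

    Only an exact '==' pin counts as a version; ranges and bare names leave
    version as None so the rule engine can flag them as unpinned.
    """
    components = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("-"):
            continue
        match = REQ_LINE.match(line)
        if not match:
            continue
        name, op, ver = match.groups()
        # PyPI names are case-insensitive; purl normalises them to lowercase
        # with underscores replaced by hyphens.
        name = name.lower().replace("_", "-")
        components.append({"name": name,
                           "version": ver if op == "==" and ver else None})
    return components


def build_sbom(components: List[Dict]) -> Dict:
    """Emit a CycloneDX 1.5-shaped JSON document (only the core fields)."""
    entries = []
    for comp in components:
        purl = f"pkg:pypi/{comp['name']}"
        if comp["version"]:
            purl += f"@{comp['version']}"
        entry = {"type": "library", "name": comp["name"], "purl": purl}
        if comp["version"]:
            entry["version"] = comp["version"]
        license_id = LICENSE_DB.get(comp["name"])
        if license_id:
            entry["licenses"] = [{"license": {"id": license_id}}]
        entries.append(entry)
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "components": entries}


# Rule engine: (rule id, predicate, message). A predicate returning True on a
# component means that component violates the rule.
Rule = Tuple[str, Callable[[Dict], bool], str]
RULES: List[Rule] = [
    ("unpinned-version", lambda c: "version" not in c,
     "dependency is not pinned to an exact version"),
    ("unknown-license", lambda c: "licenses" not in c,
     "license could not be determined"),
    ("disallowed-license",
     lambda c: any(lic["license"]["id"] not in ALLOWED_LICENSES
                   for lic in c.get("licenses", [])),
     "license is not on the allowlist"),
    ("denied-version",
     lambda c: (c["name"], c.get("version")) in DENIED_VERSIONS,
     "version is on the deny list"),
]


def evaluate(sbom: Dict) -> List[Dict]:
    """Run every rule over every component and collect the deviations."""
    findings = []
    for comp in sbom["components"]:
        for rule_id, predicate, message in RULES:
            if predicate(comp):
                findings.append({"rule": rule_id, "component": comp["purl"],
                                 "message": message})
    return findings


if __name__ == "__main__":
    bom = build_sbom(parse_requirements(SAMPLE_REQUIREMENTS))
    print(json.dumps(bom, indent=2))
    for finding in evaluate(bom):
        print(f"WARN [{finding['rule']}] {finding['component']}: {finding['message']}")
```

Run it as a script to print the SBOM followed by the warnings. The rule table is plain data, so adding a policy (for example, rejecting components whose purl cannot be resolved) means appending one tuple rather than changing the engine, and the same engine can be pointed at an SBOM produced by any other generator that emits CycloneDX components.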

SHOW STOPPER: Ensuring that the SBOM is accurate in complex software ecosystems. The tool currently relies on the Git API; an alternative can be developed in future.
