How does Nuon handle customer requests for a Software Bill of Materials (SBOM) for deployed services and components?

QUESTION

How does Nuon handle customer requests for a Software Bill of Materials (SBoM) for deployed services and components?

ANSWER

While Nuon does not generate SBOMs, our policy engine can detect and enforce SBOM.

e.g., Policy examples vendors using Nuon can enforce:

• "Require all images to have an SBOM before deployment into customer VPC"

• "Only allow CycloneDX format SBOMs"

• "Block deployment entirely if no SBOM is present"

You the vendor would need to come up with SBOM yourselves for each individual image component and Nuon can help your customers verify with policies. This can be particularly important due to the executive order in US  & upcoming regulations in EU with CRA.

DOCS

• Policies

• Policies guide