Added

SBOM Generation 📄

You can now generate a software bill of materials (SBOM) from both Checkov and the Bridgecrew platform. With an SBOM, you gain visibility into the inventory of software components in cloud-native applications and the security issues attached to each of them. An SBOM can also be used to detect tampering: unexpected changes to the component list between one build and the next.

SBOMs are now available to export in both CycloneDX and CSV formats and include all resources: infrastructure as code (IaC) resources whether or not they violate a policy, open source packages, and container images. Beyond the inventory itself, the SBOM lists vulnerabilities, misconfigurations, and known licenses for dependencies.

From Checkov, generate an SBOM by passing -o csv or -o cyclonedx as the output format.
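Once the export exists, the tamper check described above is a comparison of two inventories. The script below is an added example, not Checkov or Bridgecrew code: it parses two CycloneDX documents in the schema's JSON encoding (bomFormat, components[], vulnerabilities[]), diffs the component list, and resolves each vulnerability back to the component it affects so a pipeline can fail on an unexpected addition or a new finding. Both documents are constructed inline for the example, the vulnerability id EXAMPLE-0001 is a placeholder rather than a real advisory, and the package name examplepkg is made up; a real run would load the exported files instead. If your export is the CycloneDX XML encoding, adapt the loader.

```python
"""Added example: diff two CycloneDX JSON SBOMs and map findings to components."""
import json
from typing import Dict, List, Tuple

# Constructed baseline: the inventory a trusted build produced earlier.
BASELINE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "bom-ref": "pkg:pypi/requests@2.28.1",
         "name": "requests", "version": "2.28.1", "purl": "pkg:pypi/requests@2.28.1"},
        {"type": "library", "bom-ref": "pkg:pypi/pyyaml@5.4.1",
         "name": "pyyaml", "version": "5.4.1", "purl": "pkg:pypi/pyyaml@5.4.1"},
        {"type": "container", "bom-ref": "pkg:docker/nginx@1.23.1",
         "name": "nginx", "version": "1.23.1", "purl": "pkg:docker/nginx@1.23.1"},
    ],
    "vulnerabilities": [],
})

# Constructed current SBOM: one dependency bumped, one dropped, one package nobody
# expected, and a finding attached to that package. EXAMPLE-0001 is a placeholder
# id, not a real advisory; examplepkg is a made-up name.
CURRENT_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "bom-ref": "pkg:pypi/requests@2.31.0",
         "name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"},
        {"type": "library", "bom-ref": "pkg:pypi/examplepkg@0.1.0",
         "name": "examplepkg", "version": "0.1.0", "purl": "pkg:pypi/examplepkg@0.1.0"},
        {"type": "container", "bom-ref": "pkg:docker/nginx@1.23.1",
         "name": "nginx", "version": "1.23.1", "purl": "pkg:docker/nginx@1.23.1"},
    ],
    "vulnerabilities": [
        {"id": "EXAMPLE-0001",
         "ratings": [{"severity": "high"}],
         "affects": [{"ref": "pkg:pypi/examplepkg@0.1.0"}]},
    ],
})


def _load(sbom_json: str) -> dict:
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return doc


def inventory(sbom_json: str) -> Dict[str, str]:
    """Map 'type:name' -> version. Keying on name rather than purl keeps a
    version bump visible as a change instead of an unrelated add + remove."""
    return {f"{c['type']}:{c['name']}": c.get("version", "")
            for c in _load(sbom_json).get("components", [])}


def diff_inventory(baseline_json: str, current_json: str) -> Dict[str, list]:
    """Components added, removed, or re-versioned between two SBOMs."""
    base, cur = inventory(baseline_json), inventory(current_json)
    return {
        "added": sorted(k for k in cur if k not in base),
        "removed": sorted(k for k in base if k not in cur),
        "changed": sorted((k, base[k], cur[k])
                          for k in base if k in cur and base[k] != cur[k]),
    }


def findings_by_component(sbom_json: str) -> Dict[str, List[Tuple[str, str]]]:
    """Resolve each vulnerability's affects[].ref to its component and return
    'type:name' -> [(vulnerability id, severity), ...]."""
    doc = _load(sbom_json)
    by_ref = {c.get("bom-ref") or c.get("purl"): f"{c['type']}:{c['name']}"
              for c in doc.get("components", [])}
    out: Dict[str, List[Tuple[str, str]]] = {}
    for vuln in doc.get("vulnerabilities", []):
        severity = (vuln.get("ratings") or [{}])[0].get("severity", "unknown")
        for affected in vuln.get("affects", []):
            comp = by_ref.get(affected.get("ref"), affected.get("ref"))
            out.setdefault(comp, []).append((vuln["id"], severity))
    return out


def unexpected(baseline_json: str, current_json: str) -> List[str]:
    """Human-readable reasons to stop the pipeline: any inventory drift plus
    any finding on a component that is new or changed since the baseline."""
    delta = diff_inventory(baseline_json, current_json)
    reasons = [f"added {k}" for k in delta["added"]]
    reasons += [f"removed {k}" for k in delta["removed"]]
    reasons += [f"changed {k} {old} -> {new}" for k, old, new in delta["changed"]]
    touched = set(delta["added"]) | {k for k, _, _ in delta["changed"]}
    for comp, findings in findings_by_component(current_json).items():
        if comp in touched:
            reasons += [f"finding {vid} ({sev}) on {comp}" for vid, sev in findings]
    return reasons


if __name__ == "__main__":
    for line in unexpected(BASELINE_SBOM, CURRENT_SBOM):
        print(line)
```

A real pipeline would store the baseline SBOM next to the signed release artifact, so the comparison is against a document the build system cannot quietly rewrite; a diff that shows only the version bumps your pull requests asked for is the expected output, anything else warrants a look before the image ships.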


From the Bridgecrew platform, generate an SBOM from either the Development Pipelines or Supply Chain page.


Read our documentation to learn more.