August 1, 2023
On July 28, 2023, Japan's Ministry of Economy, Trade and Industry (METI) published "A Guide to Implementing the Software Bill of Materials (SBOM) for Software Management". METI promotes the SBOM as a management method for securing software and services and for improving development productivity within companies.
Snyk provides tools to create and scan SBOMs for vulnerabilities, helping organizations meet the requirements laid out by the METI Guide. This blog explores how Snyk can help to comply with the METI's guidance.
Why the METI cares about the software supply chain — and why you should too
In Japan, METI convened the Task Force on Software Management Methods to Ensure Cyber Physical Security (the Software Task Force) in September 2019 to examine the benefits and effectiveness of SBOM tools. The task force found clear advantages for software vulnerability management and license management, and through them for development productivity. The guidance on introducing SBOMs grew out of that work.
Phases and steps of SBOM implementation by METI
The Ministry of Economy, Trade and Industry (METI) has divided the SBOM implementation into three major phases in their guide.
Environment and system development phase
SBOM creation and sharing phase
SBOM operation and management phase
The following is an overview of how Snyk supports each of these phases.
In the environment and system development phase, Snyk supports the selection, introduction, configuration, and learning of SBOM tools.
First, Snyk supports the standard SBOM formats CycloneDX and SPDX. In addition, Snyk has a Japanese legal entity and offers a support service delivered in Japanese, so help with installing and configuring SBOM tooling is also available in Japanese. Snyk specializes in helping organizations secure their software supply chain and eliminate vulnerabilities, and we share best practices drawn from that expertise and experience.
During the SBOM creation/sharing phase and the operation/management phase, Snyk can automate SBOM output by running scans in CI/CD or by integrating with SCMs such as GitHub, so that the SBOM always reflects the current state of your code rather than a snapshot that has drifted from it.
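The operation/management phase is where an SBOM earns its keep: once a CycloneDX document is produced on every build (for example by the Snyk CLI's `snyk sbom` command), the consuming side has to check each component against policy and notice what changed since the last build. The script below is an added example written for this post; it is not Snyk's code and not part of the METI guide. It uses the CycloneDX 1.4 JSON field names from the spec (`bomFormat`, `components[].purl`, `components[].licenses[].license.id`), while the two embedded SBOM documents, the `ALLOWED_LICENSES` list and the `audit`/`diff_sboms` function names are constructed for illustration.

```python
"""Audit a CycloneDX 1.4 JSON SBOM against a license policy and diff two
revisions of it. Constructed example: both SBOM documents below are
hand-written samples, not real tool output."""
import json
import sys

# Hypothetical license allow-list; a real one comes from your legal/OSPO policy.
ALLOWED_LICENSES = {"MIT", "Apache-2.0", "BSD-3-Clause"}

# Constructed sample: SBOM from the previous build.
OLD_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.20",
         "purl": "pkg:npm/lodash@4.17.20",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0",
         "licenses": [{"license": {"id": "WTFPL"}}]},
        {"type": "library", "name": "minimist", "version": "1.2.5",
         "purl": "pkg:npm/minimist@1.2.5",
         "licenses": [{"license": {"id": "MIT"}}]},
    ],
})

# Constructed sample: SBOM from the current build. "mystery-lib" has no purl
# and no license, the kind of gap the audit is meant to surface.
NEW_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 2,
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.21",
         "purl": "pkg:npm/lodash@4.17.21",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "minimist", "version": "1.2.5",
         "purl": "pkg:npm/minimist@1.2.5",
         "licenses": [{"license": {"id": "MIT"}}]},
        {"type": "library", "name": "mystery-lib", "version": "0.1.0"},
    ],
})


def load_sbom(text):
    """Parse a CycloneDX JSON document and refuse anything else."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return doc


def audit(doc, allowed):
    """Return (name, version, problem) triples for components that fail policy:
    no purl (cannot be matched to vulnerability data), no declared license,
    or a license outside the allow-list."""
    findings = []
    for c in doc.get("components", []):
        ident = (c.get("name"), c.get("version"))
        if not c.get("purl"):
            findings.append(ident + ("missing purl",))
        # CycloneDX allows either an SPDX id or a free-text name per license.
        ids = [l.get("license", {}).get("id") or l.get("license", {}).get("name")
               for l in c.get("licenses", [])]
        ids = [i for i in ids if i]
        if not ids:
            findings.append(ident + ("no license declared",))
        for lid in ids:
            if lid not in allowed:
                findings.append(ident + (f"license {lid} not in allow-list",))
    return findings


def diff_sboms(old, new):
    """Compare two SBOMs by (type, name); purls embed the version, so they
    are not a stable key across upgrades."""
    def index(doc):
        return {(c.get("type"), c.get("name")): c.get("version")
                for c in doc.get("components", [])}
    a, b = index(old), index(new)
    return {
        "added": sorted(n for (_, n) in b.keys() - a.keys()),
        "removed": sorted(n for (_, n) in a.keys() - b.keys()),
        "changed": {n: (a[k], b[k]) for k in a.keys() & b.keys()
                    if a[k] != b[k] for n in [k[1]]},
    }


if __name__ == "__main__":
    old, new = load_sbom(OLD_SBOM_JSON), load_sbom(NEW_SBOM_JSON)
    print("drift since last build:", json.dumps(diff_sboms(old, new), indent=2))
    problems = audit(new, ALLOWED_LICENSES)
    for name, version, problem in problems:
        print(f"POLICY: {name}@{version}: {problem}")
    # Non-zero exit lets a CI job gate on the SBOM audit.
    sys.exit(1 if problems else 0)
```

Keying the diff on component name rather than purl is deliberate: a purl such as `pkg:npm/lodash@4.17.20` changes on every upgrade, so a purl-keyed diff would report one removal and one addition instead of a version bump. The audit treats a missing purl as a finding in its own right, because a component with no package URL cannot be matched against vulnerability databases and is effectively invisible to the vulnerability-management use case the METI task force highlighted.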
Develop fast, stay secure.
In response to the development of the "Guide to Implementing the Software Bill of Materials (SBOM) for Software Management," Snyk ran a What Companies Should Do About the Software Bill of Materials (SBOM) webinar in Japanese. Watch today.