Snyk Blog

How Snyk can help secure supply chains per "A Guide to Implementing the Software Bill of Materials (SBOM) for Software Management"’ by Japan's METI

Written by:
Hiroko Nakano
Hiroko Nakano
wordpress-sync/feature-snyk-supply-chain-purple

August 1, 2023

0 mins read

Looking for the Japanese version of this post? Click here or switch your language using the drop-down in the footer of the site.

On July 28, Japan Ministry of Economy, Trade and Industry (METI) published A Guide to Implementing the Software Bill of Materials (SBOM) for Software Management. The METI has focused on SBOM as one of the management methodologies to secure software and services and to improve the productivity of development in companies. 

Snyk provides tools to create and scan SBOMs for vulnerabilities, helping organizations meet the requirements laid out by the METI Guide. This blog explores how Snyk can help to comply with the METI's guidance.

Why the METI cares about the software supply chain — and why you should too

The background to METI's development of the SBOM guidance is the increasing number of incidents in which attacks on the software supply chain have caused significant damage: in December 2020, SolarWinds — a company that provides system management tools that were part of many software supply chains — was attacked and the companies that used their software were harmed. As a result of this incident, the implementation of SBOMs is becoming more prevalent worldwide, starting with the 2022 Executive Order by President Biden in the United States.

In Japan, the Ministry of Economy, Trade and Industry (METI) held the Task Force on Software Management Methods to Ensure Cyber Physical Security (Software Task Force) from September 2019 to discuss and confirm the benefits and effectiveness of SBOM tools. In particular, it became clear that there are advantages in software vulnerability management and license management, and, as a result, benefits in increased development productivity, and guidance on the introduction of SBOM was developed.

Phases and steps of SBOM implementation by METI

The Ministry of Economy, Trade and Industry (METI) has divided the SBOM implementation into three major phases in their guide.

  1. Environment and system development phase

  2. SBOM creation and sharing phase

  3. SBOM operation and management phase

The following is an overview of how Snyk supports each of these phases.

In the environment creation and system development phase, we will introduce Snyk's efforts in the selection, introduction, configuration, and learning of SBOM tools.

First, Snyk supports standard SBOM formats such as Cyclone DX and SPDX. In addition, Snyk is a Japanese legal entity and has developed a support service provided in Japanese by Japanese; support for the installation and configuration of SBOM tools can also be provided in Japanese. Snyk specializes in helping organizations secure their software supply chain and eliminating vulnerabilities. We'll share best practices based on our expertise and experience.

During the SBOM creation/sharing phase and the operation/management phase, Snyk can help automate SBOM output by incorporating scans into CI/CD or by working with SCMs such as GitHub to ensure that you always have the latest information. We can help you keep your information up-to-date.

Develop fast, stay secure.

In response to the development of the "Guide to Implementing the Software Bill of Materials (SBOM) for Software Management," Snyk ran a What Companies Should Do About the Software Bill of Materials (SBOM) webinar in Japanese. Watch today.

If you have any questions regarding SBOM compliance, please feel free to contact us in English or Japanese.

Posted in:Application Security, Supply Chain Security
wordpress-sync/feature-snyk-supply-chain-purple

How to Build a Security Champions Program

Snyk interviewed 20+ security leaders who have successfully and unsuccessfully built security champions programs. Check out this playbook to learn how to run an effective developer-focused security champions program.

See the playbook

See Snyk in action

Book an expert demo to see all the features of Snyk’s software supply chain security solution in action.

Book a live demo
Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

What is Snyk?Snyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeSnyk AppRisk (ASPM)Developer Security PlatformApplication securitySoftware supply chain securitySecure AI-generated code DeepCode AIPricingDeployment optionsIntegrationsIDE pluginsGit SecurityCI/CD pipelines securitySnyk CLISnyk LearnSnyk for JavaScript

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersResources for ethical hackersVulnerability DatabaseSnyk OSS AdvisorSnyk Top 10VideosCustomer resources

Company

AboutCustomersCareersEventsSnyk for governmentPress kitSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal informationWebsite Terms of Use

Connect

Book a live demoContact usSupportReport a new vuln

Security

Application SecurityContainer SecuritySupply Chain SecurityJavaScript SecurityOpen Source SecurityAWS SecuritySecure SDLCSecurity postureSecure codingEthical HackingAI in cybersecurityCode CheckerPythonEnterprise CybersecurityJavaScriptSnyk With GitHubSnyk vs VeracodeSnyk vs Checkmarx

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon