VeriBOM User Guide
  • Getting Started
    • Introduction
    • Signup up for VeriBOM as an Organization
    • Login to VeriBOM as an Organization
  • SBOM Concepts
  • Product Management
    • Adding Product
    • Editing Product
    • Deletion of Product
    • Additional Notes
  • Connection Management
    • Adding Connection as Publisher
    • Adding Connection as Auditor
    • Editing Connection
    • Deletion of Connection
  • Project and SBOM Management
    • Adding Project
    • Scan Sources Integration
      • Source Code Upload
      • SCM Integration - GitHub
      • Container Image Scanning
      • CI/CD Integration - Jenkins
      • Container Orchestration Platforms
    • Initiating SBOM Scans
    • Publishing SBOMs
    • Editing Project
    • Deletion of Project
  • User Management
    • Adding User
    • Editing User
    • Deletion of User
  • Roles and Permissions Management
    • Predefined Roles and Permission
    • Custom Roles and Permission
      • Permissions Hierarchy
  • Organization Types
    • Sending Invitation Request to Organization From Partner Portal
    • Sending Invitation Request to Partner From Partner Portal
    • Free Publisher
    • Publisher
    • Auditor
  • Appendices
    • Contact Information
    • Glossary
    • Troubleshooting
    • Frequently Asked Questions (FAQ)
    • VeriBOM Video Guides
    • Best Practices
    • References
    • Supported Languages and Manifests
Powered by GitBook
On this page
  1. Appendices

Best Practices

Best Practices

To make the most of VeriBOM and ensure efficient and secure software supply chain management, consider the following best practices:

1. Regular SBOM Generation

Frequently generate SBOMs for your software projects. This ensures you have up-to-date information on software components, dependencies, and vulnerabilities.

2. Automation

Utilize the tool's automation features for SBOM generation, especially for projects in your CI/CD pipeline. Automated scans save time and reduce human error.

3. Review and Verification

Before publishing SBOMs to connections, review them for accuracy. Verify that the software components, versions, and dependencies are correctly identified.

4. Role-Based Access Control

Implement role-based access control to restrict access and permissions according to users' roles. Assign roles that match their responsibilities within your organization.

5. Regular Audits

Conduct regular audits of your SBOMs to check for discrepancies, outdated information, or vulnerabilities. Address any issues promptly.

6. Training and Awareness

Train your team members on how to use VeriBOM effectively. Raise awareness about the importance of SBOMs in software security and compliance.

7. Security Considerations

Ensure that VeriBOM is used securely. Implement security best practices such as strong authentication, encryption, and access controls.

8. Documentation

Maintain documentation for your software projects, including SBOMs. Keep records of SBOM versions and changes.

9. Backup and Recovery

Regularly back up your SBOM data to prevent data loss. Have a recovery plan in place in case of any unforeseen issues.

10. Compliance

If your organization operates in a regulated industry, make sure your use of VeriBOM complies with relevant standards and regulations.

11. Collaboration

Promote collaboration between development, security, and operations teams. Cooperation can improve software security and ensure comprehensive SBOM management.

12. Feedback and Improvement

Encourage feedback from users and regularly assess the tool's performance. Use feedback to make improvements and enhancements.

Following these best practices will help you effectively manage your software supply chain, enhance security, and ensure compliance with industry standards and regulations.

PreviousVeriBOM Video GuidesNextReferences

Last updated 1 year ago