Elementaris Supply Chain Service

Software Supply Chain Management with a Software Bill of Materials (SBOM) in 8 Levels

The software supply chain is increasingly the target of cyberattacks, and regulatory requirements addressing the matter are growing in number as well. They often mention the SBOM (Software Bill of Materials), which is used to document and audit the content, dependencies and creation of an application. However, a sustainable effect is only achieved if the SBOMs are reviewed continuously. That continuous review forms the basis for reacting appropriately to newly discovered vulnerabilities and thus maintaining the desired level of security.

The SaaS "Elementaris" is an SBOM inventory for continuously monitoring the vulnerabilities of software artifacts, enabling quick and efficient responses to changing threat vectors. It also provides an independent risk score for each of these artifacts that can be used in risk assessments.

During implementation, we focus on achieving the following 8 levels.

1. Vulnerability Management

Choose your party for this "game" and define the roles they play in vulnerability management. You can organize it either centrally or decentrally.

2. Security Requirements (Supplier)

As more stakeholders join the party, rules have to be negotiated. Contracts with software suppliers may need to be adjusted to comply with existing and new security requirements.

3. Essentix-Elementaris Integration

Suddenly, the first boss, named "integration", enters. As long as you are prepared to define the host region and the authorization specifications, this fight is an easy win.

4. Supplier Onboarding

By choosing essentix as part of your party, the Service Requests challenge is not really a challenge at all. In no time, the software supplier is authorized on the platform, where they can deliver SBOMs and containers.

5. Inventory

This game gets easier and easier, you notice, after discovering that the Elementaris service provides an automated inventory as soon as it has been integrated. Free XP!

6. Quality Gate

After such a smooth game, you didn't expect this boss at all! Having reached transparency, you suddenly realize that vulnerable artifacts still end up in production! Luckily, Elementaris' quality gate can be integrated into existing deployment pipelines. Again, easy win.
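To make concrete what a pipeline quality gate of this kind decides, here is an added example (written for this page, not Elementaris' or essentix's code). It assumes a CycloneDX-style SBOM and a vulnerability feed keyed by package URL (purl); both the SBOM and the feed are constructed sample data, and the vulnerability ids are placeholders rather than real advisories. The same check is what continuous monitoring re-runs whenever the feed changes: an artifact that passed yesterday is blocked today if a new entry for one of its components arrives.

```python
"""Minimal SBOM quality gate (added example, not Elementaris code).

Reads a CycloneDX-style SBOM, matches its components against a
vulnerability feed by package URL (purl), and decides whether the
artifact may be deployed. SBOM and feed below are constructed sample
data; the vulnerability ids are placeholders.
"""
import json
from dataclasses import dataclass, field

# Ordering used to compare a finding's severity against the gate threshold.
SEVERITY_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed CycloneDX-style SBOM for a hypothetical service.
SAMPLE_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"name": "example-service", "version": "2.3.0"}},
    "components": [
        {"type": "library", "name": "libexample-json", "version": "1.4.2",
         "purl": "pkg:generic/libexample-json@1.4.2"},
        {"type": "library", "name": "libexample-tls", "version": "3.0.1",
         "purl": "pkg:generic/libexample-tls@3.0.1"},
        {"type": "library", "name": "libexample-log", "version": "0.9.0",
         "purl": "pkg:generic/libexample-log@0.9.0"},
    ],
})

# Constructed vulnerability feed; ids are placeholders, not real advisories.
SAMPLE_FEED = [
    {"id": "VULN-PLACEHOLDER-1", "purl": "pkg:generic/libexample-tls@3.0.1", "severity": "high"},
    {"id": "VULN-PLACEHOLDER-2", "purl": "pkg:generic/libexample-log@0.9.0", "severity": "low"},
]


@dataclass
class Finding:
    component: str   # name@version as listed in the SBOM
    vuln_id: str
    severity: str


@dataclass
class GateResult:
    passed: bool
    findings: list = field(default_factory=list)   # every match, any severity
    blocking: list = field(default_factory=list)   # matches at or above the threshold


def parse_sbom(sbom_json: str) -> list:
    """Return (purl, display name) pairs for every component in the SBOM."""
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format")
    components = []
    for c in bom.get("components", []):
        purl = c.get("purl")
        if not purl:
            # A component without a purl cannot be matched against the feed;
            # treat it as an inventory gap rather than silently skipping it.
            raise ValueError(f"component {c.get('name')} has no purl")
        components.append((purl, f"{c['name']}@{c['version']}"))
    return components


def evaluate_gate(sbom_json: str, feed: list, block_at: str = "high") -> GateResult:
    """Match SBOM components against the feed; block at or above block_at."""
    by_purl = {}
    for entry in feed:
        by_purl.setdefault(entry["purl"], []).append(entry)
    threshold = SEVERITY_RANK[block_at]
    result = GateResult(passed=True)
    for purl, name in parse_sbom(sbom_json):
        for entry in by_purl.get(purl, []):
            finding = Finding(name, entry["id"], entry["severity"])
            result.findings.append(finding)
            if SEVERITY_RANK[entry["severity"]] >= threshold:
                result.blocking.append(finding)
    result.passed = not result.blocking
    return result


if __name__ == "__main__":
    r = evaluate_gate(SAMPLE_SBOM_JSON, SAMPLE_FEED)
    print("PASS" if r.passed else "BLOCK",
          [(f.component, f.vuln_id, f.severity) for f in r.blocking])
```

In a deployment pipeline the gate step would call `evaluate_gate` on the artifact's SBOM and fail the job when `passed` is false; the low-severity finding is still recorded in `findings` so the inventory stays complete, but only the high one blocks. Raising on a component without a purl is deliberate: a component that cannot be matched is a blind spot, and a gate that silently skips it reports a false "PASS".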

7. Risk Reporting

Your party has successfully developed into a self-running system! Meanwhile, Elementaris provides you with insights into the components' usage, location and vulnerability development.

8. Remediation

The final step of the skill tree is self-healing. Elementaris informs the software suppliers directly about newly discovered vulnerabilities. They can now process and fix them without any detour. Thus, the system heals itself. You played the perfect game!