Challenges of Producing Software Bill Of Materials for Java
Musard Balliu, Benoit Baudry, Sofia Bobadilla, Mathias Ekstedt, Martin Monperrus, Javier Ron, Aman Sharma, Gabriel Skoglund, César Soto-Valero, Martin Wittlinger

TL;DR
This paper investigates the difficulties in generating accurate Software Bills of Materials (SBOMs) for complex Java projects, highlighting key challenges and limitations in current tools.
Contribution
It provides a detailed analysis of six SBOM tools and uncovers fundamental challenges in their accuracy and reliability for Java software supply chains.
Findings
Current SBOM tools face significant accuracy challenges.
Complex Java projects expose limitations in existing SBOM generation methods.
The paper identifies key obstacles to reliable SBOM production in Java ecosystems.
Abstract
Software bills of materials (SBOM) promise to become the backbone of software supply chain hardening. We deep-dive into 6 tools and the accuracy of the SBOMs they produce for complex open-source Java projects. Our novel insights reveal some hard challenges for the accurate production and usage of SBOMs.
Taxonomy
Topics: Manufacturing Process and Optimization · Software Engineering Research · Software Engineering Techniques and Practices
