MS Ai Insider

Unlock Supply Chain and Security Issues with OmniBOR: Exploring the Architecture of Build Tools

Posted by

ailona

On this episode of Open at Microsoft, Ed Warnicke, one of the founders of OmniBOR, explains how this minimalistic scheme for build tools can help navigate supply chain problems and security issues. OmniBOR complements SBOM formats, such as SPDX and CycloneDX. Learn more about the architecture of OmniBOR and how it can help with projects.

Open at Microsoft – OmniBOR

Microsoft’s Open at Microsoft blog series recently featured Project OmniBOR, a minimalistic scheme for build tools to embed a unique, content-addressable reference in each step of a build process. OmniBOR (formerly GitBOM) stands for Universal Bill Of Receipts and enables the generation of a compact Artifact Dependency Graph, tracking every source code file incorporated into each built artifact.

What is OmniBOR?

OmniBOR is designed to effortlessly construct a verifiable Artifact Dependency Graph (ADG) across languages, environments, and packaging formats, with zero developer effort, involvement, or awareness. However, OmniBOR is not designed to be a replacement for SBOMs — rather it complements SBOM formats, such as SPDX and CycloneDX.

What are the Benefits?

OmniBOR can help developers answer questions such as “Does this product contain log4j?” by providing a precise artifact identifier which can be used in situations where naming schemes may be ambiguous or when critical dependencies are nested deep in a supply chain.

How to Get Involved

Tech-savvy audiences can watch the Open at Microsoft episode to learn more about the architecture of OmniBOR and how it can help with projects. Interested parties can also check out the OmniBOR project on GitHub or join one of the community’s weekly meetings to contribute to the project or add support to open source build tools.

OmniBOR is designed to effortlessly construct a verifiable Artifact Dependency Graph (ADG) across languages, environments, and packaging formats, with zero developer effort, involvement, or awareness.

Microsoft’s Open at Microsoft blog series provides a great opportunity for tech-savvy audiences to learn more about the latest open source projects. Project OmniBOR is a great example of this, as it provides a minimalistic scheme for build tools to embed a unique, content-addressable reference in each step of a build process. With OmniBOR, developers can answer questions such as “Does this product contain log4j?” and provide a precise artifact identifier which can be used in situations where naming schemes may be ambiguous or when critical dependencies are nested deep in a supply chain.

Those interested in learning more about OmniBOR can watch the Open at Microsoft episode, check out the OmniBOR project on GitHub, or join one of the community’s weekly meetings. Doing so will provide an opportunity to contribute to the project or add support to open source build tools.

Key points from the article:

  • OmniBOR stands for Universal Bill Of Receipts
  • It is a minimalistic scheme for build tools to embed a unique, content-addressable reference in each step of a build process
  • It can help by providing a precise artifact identifier when naming schemes may be ambiguous
  • OmniBOR complements SBOM formats, such as SPDX and CycloneDX
  • Learn more about the architecture of OmniBOR and how it can help with projects

    • From the Azure Developer Community Blog

    , , , , , , , , , , , , , , ,

    ailona

    Follow Us

    [adinserter name=”Block 4″]

    Recent Posts

    Categories

    Tags

    365 and Azure build community copilot core developer enhanced exploring features for guide infrastructure insider Intune latest microsoft microsoft’s new power preview Security stories: Teams the unlock Windows with your