Unlock Supply Chain and Security Issues with OmniBOR: Exploring the Architecture of Build Tools

On this episode of Open at Microsoft, Ed Warnicke, one of the founders of OmniBOR, explains how this minimalistic scheme for build tools can help navigate supply chain problems and security issues. OmniBOR complements SBOM formats, such as SPDX and CycloneDX. Learn more about the architecture of OmniBOR and how it can help projects.

Open at Microsoft – OmniBOR

Microsoft’s Open at Microsoft blog series recently featured Project OmniBOR, a minimalistic scheme for build tools to embed a unique, content-addressable reference in each step of a build process. OmniBOR (formerly GitBOM) stands for Universal Bill Of Receipts and enables the generation of a compact Artifact Dependency Graph, tracking every source code file incorporated into each built artifact.

What is OmniBOR?

OmniBOR is designed to effortlessly construct a verifiable Artifact Dependency Graph (ADG) across languages, environments, and packaging formats, with zero developer effort, involvement, or awareness. However, OmniBOR is not designed to be a replacement for SBOMs — rather it complements SBOM formats, such as SPDX and CycloneDX.

What are the Benefits?

OmniBOR can help developers answer questions such as “Does this product contain log4j?” by providing a precise artifact identifier which can be used in situations where naming schemes may be ambiguous or when critical dependencies are nested deep in a supply chain.
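The lookup described above, as an added Python example that is not code from the OmniBOR project: artifacts are identified by git-blob style content hashes (gitoids), and a "does this product contain X?" question becomes a graph search by identifier rather than by name. Assumptions: the graph is kept in an in-memory dict instead of manifests embedded by build tools, and the class name, method names and sample bytes are all constructed for illustration.

```python
import hashlib

def gitoid(content: bytes, algo: str = "sha256") -> str:
    # Git blob hashing: hash(b"blob <length>\0" + content), written as a gitoid URI.
    h = hashlib.new(algo, b"blob %d\x00" % len(content))
    h.update(content)
    return f"gitoid:blob:{algo}:{h.hexdigest()}"

class DependencyGraph:
    """Toy Artifact Dependency Graph: artifact id -> ids of its direct inputs."""
    def __init__(self):
        self.inputs = {}

    def record(self, output: bytes, input_ids=()) -> str:
        # One build step: the output is identified by its content, not its name.
        aid = gitoid(output)
        self.inputs[aid] = frozenset(input_ids)
        return aid

    def path_to(self, root: str, wanted: str):
        # Depth-first search; returns the id chain root -> ... -> wanted, or None.
        stack, seen = [[root]], set()
        while stack:
            path = stack.pop()
            node = path[-1]
            if node == wanted:
                return path
            if node not in seen:
                seen.add(node)
                stack.extend(path + [c] for c in self.inputs.get(node, ()))
        return None

def demo():
    g = DependencyGraph()
    # Constructed sample contents; both library builds could ship as "logging.jar".
    vulnerable = g.record(b"class Lookup { /* constructed: affected build */ }")
    patched = g.record(b"class Lookup { /* constructed: fixed build */ }")
    app_src = g.record(b"class App { }")
    lib_a = g.record(b"logging.jar bytes (A)", [vulnerable])
    lib_b = g.record(b"logging.jar bytes (B)", [patched])
    plugin = g.record(b"plugin.jar bytes", [lib_a])  # nests the library one level deeper
    product_1 = g.record(b"product-1 image", [app_src, plugin])
    product_2 = g.record(b"product-2 image", [app_src, lib_b])
    return g, vulnerable, product_1, product_2, plugin, lib_a
```

Calling `g.path_to(product_1, vulnerable)` on the graph from `demo()` returns the chain through the plugin and library, while the same query against `product_2` returns `None` even though both products bundle a file with the same name.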

How to Get Involved

Tech-savvy audiences can watch the Open at Microsoft episode to learn more about the architecture of OmniBOR and how it can help with projects. Interested parties can also check out the OmniBOR project on GitHub or join one of the community’s weekly meetings to contribute to the project or add support to open source build tools.

Microsoft’s Open at Microsoft blog series provides a great opportunity for tech-savvy audiences to learn more about the latest open source projects. Project OmniBOR is a great example of this, as it provides a minimalistic scheme for build tools to embed a unique, content-addressable reference in each step of a build process. With OmniBOR, developers can answer questions such as “Does this product contain log4j?” and provide a precise artifact identifier which can be used in situations where naming schemes may be ambiguous or when critical dependencies are nested deep in a supply chain.

Those interested in learning more about OmniBOR can watch the Open at Microsoft episode, check out the OmniBOR project on GitHub, or join one of the community’s weekly meetings. Doing so will provide an opportunity to contribute to the project or add support to open source build tools.

Key points from the article:

  • OmniBOR stands for Universal Bill Of Receipts
  • It is a minimalistic scheme for build tools to embed a unique, content-addressable reference in each step of a build process
  • It can help by providing a precise artifact identifier when naming schemes may be ambiguous
  • OmniBOR complements SBOM formats, such as SPDX and CycloneDX
  • Learn more about the architecture of OmniBOR and how it can help with projects
  • From the Azure Developer Community Blog

