Final Thesis: Web Service for Monitoring Vulnerabilities in Software Bills of Materials (SBOM)

Abstract: The use of open source software (OSS) plays an important role in modern software development. Despite its various benefits, the transparency and popularity of OSS also introduce new security challenges. This has been highlighted recently by the critical Log4Shell vulnerability that jeopardized a large number of systems. To address these issues, it is essential to keep track of used components and their vulnerabilities. However, due to the complexity of software supply chains, automated tools are indispensable. This bachelor’s thesis presents ‘VulnAware’, a web service that detects vulnerabilities in software dependencies. It allows users to upload their Software Bill of Materials (SBOM) to the platform, which then cross-references the included components with selected vulnerability databases. Additionally, it offers continuous monitoring and alerts users when new vulnerabilities have been found. By integrating ‘VulnAware’ into the development process, security issues can be identified and resolved faster, ensuring safer applications.
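The two steps the abstract describes, cross-referencing SBOM components against a vulnerability database and alerting only on findings that are new since the last scan, as an added illustration that is not VulnAware's own code: the CycloneDX-style SBOM, the advisory identifiers and the affected version ranges are all constructed, and versions are assumed to be plain dotted numbers.

```python
import json

# Constructed CycloneDX-style SBOM; component names are real packages but this is not a real project's SBOM.
SBOM_JSON = """{
 "bomFormat": "CycloneDX", "specVersion": "1.4",
 "components": [
  {"name": "log4j-core", "version": "2.14.1",
   "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
  {"name": "jackson-databind", "version": "2.13.4",
   "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4"}
 ]}"""

# Constructed OSV-style advisories: each range is (introduced, fixed), i.e. affected if introduced <= v < fixed.
# Advisory IDs are placeholders, not real identifiers.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "package": "pkg:maven/org.apache.logging.log4j/log4j-core",
     "ranges": [("2.0", "2.15.0")]},
    {"id": "ADV-PLACEHOLDER-2", "package": "pkg:maven/com.fasterxml.jackson.core/jackson-databind",
     "ranges": [("2.0", "2.13.3")]},
]

def parse_version(v):
    """Numeric dotted versions only (assumption); pre-release tags are not modelled."""
    return tuple(int(p) for p in v.split("."))

def split_purl(purl):
    """Split 'pkg:type/namespace/name@version' into the package key and its version."""
    base, _, version = purl.partition("@")
    return base, version

def is_affected(version, ranges):
    v = parse_version(version)
    return any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges)

def scan(sbom_json, advisories):
    """Cross-reference every component with a purl against the advisory set."""
    findings = set()
    for comp in json.loads(sbom_json).get("components", []):
        purl = comp.get("purl")
        if not purl:          # components without a purl cannot be matched reliably; skip them
            continue
        base, version = split_purl(purl)
        for adv in advisories:
            if adv["package"] == base and is_affected(version, adv["ranges"]):
                findings.add((purl, adv["id"]))
    return findings

def new_findings(previous, current):
    """Continuous monitoring: alert only on findings absent from the previous scan."""
    return current - previous
```

Re-running `scan` with a refreshed advisory set and diffing it against the stored result gives the alert set; the SBOM itself does not change between runs, only the database does.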

Keywords: SBOM, software supply chain, software supply chain security, open source, open source security, security, vulnerabilities

Reference: Lukas Nehrke. Webdienst zur Überwachung von Schwachstellen in Software-Stücklisten (SBOM). Bachelor Thesis. Friedrich-Alexander-Universität Erlangen-Nürnberg: 2023.