Software supply chain security provider Chainguard is adding a suite of new capabilities to its native Kubernetes security and compliance platform Enforce.

The new capabilities include automatic generation and ingestion of software bills of materials (SBOMs) for container images, vulnerability scans, report generation, and a central console.

Enforce was launched last year for securing deployment of container images by helping developers define and enact policies for them.

Automated SBOM ingestion

With the new SBOM features in Enforce, the platform will automatically ingest SBOMs attached to container images and will convert the SBOM’s JSON structure into structured data that can be queried with a database.

Such automation is vital if organizations are to make use of SBOMs, said Katie Norton, an analyst with IDC.

“For SBOMs to be an effective mechanism for aiding in the security of the software supply chain at scale, they must be operationalized and integrated into daily operations, existing tools, and security ecosystems,” said Norton. “In the event of a security incident or vulnerability, organizations need the ability to query all their software’s SBOMs instantly.”

Being able to query SBOMs across the application portfolio enables the organization to determine the impact rather than wait for each application development team to provide them with individual assessments or waste valuable time scanning each application again, Norton added.

For container images that do not already have an SBOM, Enforce will automatically create one using Syft, an open source framework and library.

Centralized console

Enforce is also adding search functionality to the platform’s console, allowing developers to easily search for specific packages, versions, licenses, or a file within their SBOMs.

“Organizations need SBOM management solutions, like what Chainguard is offering, that provide a centralized repository,” Norton said. “As modern applications typically include open source and third-party commercial libraries along with internally developed code, these solutions must be able to ingest SBOMs external to the organization. Further, the solution must be able to reconcile and normalize SBOM data to provide a unified, organization-wide view.”

The centralized console’s search and filter capabilities will further help in investigating vulnerabilities, according to the company. Additionally, Enforce will automatically generate daily vulnerability reports for supported container workloads using Grype, an open-source vulnerability scanner developed and maintained by the Anchore project.

Vulnerability reports are automatically created using the previously generated or ingested SBOM for each container image by focusing the scans on the list of available packages used in a workload.

All the new features are available as part of the Enforce platform at launch.