In Implementation \ Secure Build it states: "Create records with Bill of Materials of your applications and opportunistically analyze these."

This should likely be renamed Software Bill of Materials (SBOM). But I cannot find anywhere in Operations to maintain an Operations Bill of Materials. Applications are typically deployed to something. Oftentimes it's an application server which is running on an operating system. These additional components form the full stack of an Operations Bill of Materials, but it appears to be assumed and an indirect requirement. I believe this is likely related to #128.

For reference, BSIMM specifically calls out operations bill of materials.