Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RFE: SBOM and MUD support #28

Open
mmaymann opened this issue Jun 4, 2023 · 2 comments
Open

RFE: SBOM and MUD support #28

mmaymann opened this issue Jun 4, 2023 · 2 comments

Comments

@mmaymann
Copy link

mmaymann commented Jun 4, 2023

Hi,
Request for FDO functionality enhancements:

  1. SBOM (Software Bill Of Material) to be able to validate risks thoughout IOT device lifetime (e.g. CycloneDX)
  2. MUD (Manufacturer Usage Description) to easily create ACLs (Access Control Lists) for IOT device types (e.g. IETF)
    Thanks in advance 😊
@DukeDavis12
Copy link
Contributor

DukeDavis12 commented Jun 5, 2023

Hi @mmaymann,

  1. SBOM (Software Bill Of Material) to be able to validate risks thoughout IOT device lifetime

To get the Software BOM; you can run mvn dependency:tree command on the root folder to get the details of every component used.

  1. MUD - Can you give more details?

@mmaymann
Copy link
Author

mmaymann commented Jun 5, 2023

@DukeDavis12: thanks for your reply.
1: sorry, what I mean is SBOM support (in TPM) from manufacturing (inside FDO) of the IOT device, so that customers can track SBOM risks of IOT devices during its entire lifecycle.
2: https://developer.cisco.com/docs/mud/#!what-is-mud/what-is-mud (in TPM) again from manufacturing (inside FDO) of the IOT device, so that customers can easily create ACLs to grant POLP access to onboarded IOT devices e.g. in a NAC like I requested here:
sonic-net/SONiC#1362

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants