The arrival of the first Kubernetes Bill of Materials (KBOM) standard marks an essential milestone in software security. Software Bills of Materials (SBOMs) have become crucial for code security defense, and now there is a dedicated SBOM for Kubernetes. While existing SBOM standards such as SPDX, CycloneDX, and GitHub's dependency submission format have been widely adopted, none of them offered much clarity about what is running inside a Kubernetes cluster. That gap has now been filled with the introduction of KBOM by the Kubernetes Security Operations Center (KSOC).
KBOM is a preliminary draft that provides an initial specification in JavaScript Object Notation (JSON). It has been tested with Kubernetes 1.19 and newer versions, hyperscale cloud service providers, and DIY Kubernetes deployments. By using the KBOM’s shell interface, cloud security teams can comprehensively understand third-party tooling within their Kubernetes environment. This development aims to enable quicker responses to emerging vulnerabilities in Kubernetes tooling.
The question arises: Is KBOM necessary, given the existence of other SBOM standards? Considering that over 96% of organizations use Kubernetes for container orchestration, there is a deployment security gap that needs to be addressed. Kubernetes security adoption remains relatively low at 34% in 2022, and one of the barriers to securing Kubernetes is obtaining an accurate grasp of the environment’s scope.
Kubernetes orchestrates applications for many prominent business brands, so including it in the conversation about security standards and compliance guidelines is crucial. The KBOM standard is released as a first step towards bringing Kubernetes into that conversation. It offers a concise overview of the elements that make up a Kubernetes cluster: workload count, hosting service details, vulnerabilities in internal and hosted images, third-party customization, and version information for the managed platform and the Kubelet.
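To make the inventory described above concrete, the following added example (not the KBOM specification and not KSOC's tool) builds a cluster inventory from data shaped like `kubectl get nodes -o json` and `kubectl get pods -A -o json`. The sample node and pod records are constructed, the output layout is an assumed illustrative structure rather than the KBOM schema, and the "third-party" classification is a simple namespace heuristic chosen here: any image running outside the built-in `kube-*` namespaces is listed as third-party. It also flags kubelet version skew across nodes, a check a security team would want to see in such an inventory.

```python
"""Build a KBOM-style cluster inventory from kubectl-shaped JSON.

Added example; not the KBOM spec or KSOC code. The output structure is
an assumed illustration of the elements a KBOM covers (workload count,
image list with digests, third-party components, Kubelet versions).
"""
import json
from collections import Counter

# Constructed sample data (only the fields used here are present).
NODES = {
    "items": [
        {"metadata": {"name": "node-a"},
         "status": {"nodeInfo": {"kubeletVersion": "v1.27.3",
                                 "containerRuntimeVersion": "containerd://1.7.1",
                                 "osImage": "Ubuntu 22.04.2 LTS"}}},
        {"metadata": {"name": "node-b"},
         "status": {"nodeInfo": {"kubeletVersion": "v1.26.6",
                                 "containerRuntimeVersion": "containerd://1.6.21",
                                 "osImage": "Ubuntu 22.04.2 LTS"}}},
    ]
}

PODS = {
    "items": [
        {"metadata": {"name": "coredns-1", "namespace": "kube-system"},
         "spec": {"containers": [{"image": "registry.k8s.io/coredns/coredns:v1.10.1"}]},
         "status": {"containerStatuses": [{"imageID": "sha256:placeholder-coredns"}]}},
        {"metadata": {"name": "api-7d9", "namespace": "shop"},
         "spec": {"containers": [{"image": "example.invalid/shop/api:2.3.0"}]},
         "status": {"containerStatuses": [{"imageID": "sha256:placeholder-api"}]}},
        {"metadata": {"name": "api-8f1", "namespace": "shop"},
         "spec": {"containers": [{"image": "example.invalid/shop/api:2.3.0"}]},
         "status": {"containerStatuses": [{"imageID": "sha256:placeholder-api"}]}},
        {"metadata": {"name": "ingress-x", "namespace": "ingress-nginx"},
         "spec": {"containers": [{"image": "registry.k8s.io/ingress-nginx/controller:v1.8.1"}]},
         "status": {"containerStatuses": [{"imageID": "sha256:placeholder-ingress"}]}},
    ]
}

# Assumed heuristic: images confined to these namespaces count as platform, not third-party.
SYSTEM_NAMESPACES = {"kube-system", "kube-public", "kube-node-lease"}


def node_inventory(nodes):
    """One record per node: Kubelet, container runtime and OS versions."""
    return [
        {"name": n["metadata"]["name"],
         "kubelet": n["status"]["nodeInfo"]["kubeletVersion"],
         "runtime": n["status"]["nodeInfo"]["containerRuntimeVersion"],
         "os": n["status"]["nodeInfo"]["osImage"]}
        for n in nodes["items"]
    ]


def image_inventory(pods):
    """Distinct image references with their running digest, namespaces and pod count."""
    images = {}
    for pod in pods["items"]:
        ns = pod["metadata"]["namespace"]
        statuses = pod.get("status", {}).get("containerStatuses", [])
        for i, c in enumerate(pod["spec"]["containers"]):
            # imageID carries the digest actually running, which a tag alone does not pin.
            digest = statuses[i]["imageID"] if i < len(statuses) else None
            entry = images.setdefault(c["image"], {"digest": digest, "namespaces": set(), "pods": 0})
            entry["namespaces"].add(ns)
            entry["pods"] += 1
    return {img: {**v, "namespaces": sorted(v["namespaces"])} for img, v in images.items()}


def build_inventory(nodes, pods):
    """Assemble the inventory: workloads, images, third-party components, Kubelet versions."""
    workloads = Counter(p["metadata"]["namespace"] for p in pods["items"])
    images = image_inventory(pods)
    third_party = sorted(img for img, v in images.items()
                         if not set(v["namespaces"]) <= SYSTEM_NAMESPACES)
    kubelets = sorted({n["kubelet"] for n in node_inventory(nodes)})
    return {
        "nodes": node_inventory(nodes),
        "kubelet_versions": kubelets,
        "kubelet_skew": len(kubelets) > 1,  # mixed Kubelet versions are worth a second look
        "workload_count": sum(workloads.values()),
        "workloads_by_namespace": dict(workloads),
        "images": images,
        "third_party_images": third_party,
    }


if __name__ == "__main__":
    print(json.dumps(build_inventory(NODES, PODS), indent=2))
```

Because the image entries carry the running digest rather than only the tag, the inventory can be matched against vulnerability advisories for a specific image build; the `kubelet_skew` flag and the per-node records give the version information the paragraph lists for the Kubelet.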
KBOM GitHub page: https://github.com/ksoclabs/kbom