Update DIALOG.md
rufer7 authored Jan 29, 2025
1 parent 014b85b commit 7d82db6
Showing 1 changed file with 15 additions and 1 deletion.
16 changes: 15 additions & 1 deletion DIALOG.md
Expand Up @@ -13,12 +13,15 @@ Unfortunately, I am only a hobby developer and still need some support before I
Fortunately, Marc is helping me with this. He already prepared something and is now going to show us...

Raffi: Hey Marc, thanks for having a look at my tool. You already mentioned that we should create an SBOM for it. What exactly is an SBOM?

Marc: Great question, Raffi! An SBOM stands for **S**oftware **B**ill **o**f **M**aterials. It's essentially a detailed inventory of all the components that make up a piece of software.

Raffi: Oh, like a list of ingredients for a recipe?

Marc: Exactly! Just like you'd want to know what goes into your food, an SBOM tells you what's inside your software, including proprietary and open-source components, their versions, licenses, and dependencies.

Raffi: Can you show me such an ingredients list and how to create it?

Marc: Sure!

> [!NOTE]
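Review bot: Wording in Marc's definition: "An SBOM stands for" doubles the article with "stands for"; "SBOM stands for **S**oftware **B**ill **o**f **M**aterials" reads cleaner. The same sentence describes the SBOM as an inventory of components, versions, licenses and dependencies; since the later part of this dialog relies on checking the SBOM against a published flaw, it would help readers to say here that each entry identifies the exact component and version so it can be matched against a vulnerability report, not just listed. Also, the hunk ends with an opened `> [!NOTE]` admonition whose body is outside this hunk; make sure the note text that follows is still quoted with `>` so the admonition renders.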
Expand All @@ -41,12 +44,15 @@ dotnet CycloneDX ./demo-app/TravelDestinationRecommender.sln --out ./
3. **SWID Tags** (Software Identification Tags): A ISO standard for software identification

Raffi: Why is it so important to have this "ingredient list" for software?

Marc: There are a few reasons. First, transparency. With an SBOM, you can clearly see what components are being used, which is especially helpful when you're working with third-party or open-source software.

Raffi: That makes sense. But transparency is not so important to me, do I have other advantages?

Marc: An SBOM helps to identify vulnerabilities. If a specific version of a library or tool is found to have a security flaw, you can quickly check your SBOM to see if your software uses it. It's a crucial part of vulnerability management.

Raffi: Got it. So, it's like spotting an expired ingredient in your fridge before it causes problems.

Marc: Exactly! Plus, it's useful for compliance. An SBOM includes licensing details, so you can ensure your software complies with all relevant licenses and avoid legal trouble.

Raffi: I have seen that OWASP has published a tool that also maintains an inventory of my software. May I show you this solution?
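Review bot: Grammar in list item 3: "A ISO standard for software identification" should read "An ISO standard for software identification". Raffi's line "But transparency is not so important to me, do I have other advantages?" is a comma splice; split it into two sentences ("... not so important to me. Do I have other advantages?"). On substance, Marc's vulnerability paragraph says you can "quickly check your SBOM" when a flaw is announced; that only holds if the SBOM is regenerated whenever dependencies change (for example by running the `dotnet CycloneDX ... --out ./` command shown in the context line as part of every build), otherwise the check compares the flaw against a stale component list. One sentence saying so would close that gap.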
Expand All @@ -59,4 +65,12 @@ Marc: Fine, I show you my approach

# Marc - DEMO -> License Compliance Check

# Comparison
# Conclusion

- CycloneDX
- OWASP Dependency-Track
- Microsoft SBOM Tool

- OWASP dep-scan
- OSV-Scanner
- Dependency review
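Review bot: The `# Comparison` heading is immediately followed by `# Conclusion` with no content between them, and the two bullet lists under `# Conclusion` have no lead-in explaining what each group is (the first three entries, CycloneDX, OWASP Dependency-Track and Microsoft SBOM Tool, are SBOM generation or inventory tools; the second three, OWASP dep-scan, OSV-Scanner and Dependency review, are scanners). Either fill in the comparison or drop the empty heading, and give each list a one-line label. "Dependency review" is also ambiguous as written; if it refers to GitHub's dependency review feature, say so and link it. Minor: "Marc: Fine, I show you my approach" should read "Fine, I'll show you my approach", and the "DEMO ->" heading would be clearer as "Marc - Demo: License Compliance Check" to match heading style elsewhere in the file.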
