
Connecting SBOMs with OSS Project Health to Better Understand Dependencies

H.2213 | Day 2 | 15:30 - 16:00 | Speakers: Georg Link

Abstract

While it is encouraging to see organizations continue integrating OSS into their technologies, it’s critical to fully understand the impact of this accelerated adoption on their software supply chains and to ensure that the health of the community behind open source projects is not being overlooked.

This talk explores how going beyond traditional SBOM analysis with the open source project health metrics from the CHAOSS GrimoireLab tool offers a deeper, more comprehensive understanding of dependency risks. It provides valuable insights into the sustainability, risks, and long-term viability of the open source projects that organizations rely on.

This approach enables organizations to:

  • Assess the long-term viability of their open source dependencies
  • Make informed decisions about library selection and integration
  • Proactively mitigate risks associated with unhealthy or unsustainable communities

Join us to discuss the importance of OSS project health in SBOMs and to learn actionable strategies to understand your dependencies better, manage them with data, and reduce the risk associated with your open source projects.
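The joining step the abstract describes, as an added example that is not code from the talk, from CHAOSS or from GrimoireLab: a CycloneDX-style SBOM is parsed, each component's package URL is matched (with the version stripped) to per-project health metrics, and components are flagged against simple thresholds. The SBOM document, the metric values and the thresholds are all constructed for the example; the metric names are modelled on CHAOSS definitions (bus factor, time to first response, active contributors), but the lookup table stands in for whatever export a real GrimoireLab deployment would produce.

```python
"""Join an SBOM's component list with per-project health metrics.

Added example (not code from the talk or from CHAOSS/GrimoireLab). The SBOM
below is a constructed CycloneDX-style document and HEALTH_METRICS holds
constructed values keyed by package URL without version; a real pipeline would
export those metrics from GrimoireLab or another CHAOSS metrics source.
"""
import json
from dataclasses import dataclass, field

# Constructed CycloneDX-style SBOM: only the fields this example reads.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "fastjson-like", "version": "2.0.1",
     "purl": "pkg:maven/example/fastjson-like@2.0.1"},
    {"type": "library", "name": "leftpad-like", "version": "1.3.0",
     "purl": "pkg:npm/leftpad-like@1.3.0"},
    {"type": "library", "name": "requests-like", "version": "2.31.0",
     "purl": "pkg:pypi/requests-like@2.31.0"},
    {"type": "library", "name": "unknown-crate", "version": "0.1.0",
     "purl": "pkg:cargo/unknown-crate@0.1.0"}
  ]
}
"""

# Constructed health metrics (made-up values) keyed by version-less purl.
HEALTH_METRICS = {
    "pkg:maven/example/fastjson-like": {
        "bus_factor": 1, "days_since_last_commit": 410,
        "median_first_response_hours": 720, "active_contributors_90d": 1},
    "pkg:npm/leftpad-like": {
        "bus_factor": 1, "days_since_last_commit": 35,
        "median_first_response_hours": 48, "active_contributors_90d": 2},
    "pkg:pypi/requests-like": {
        "bus_factor": 6, "days_since_last_commit": 3,
        "median_first_response_hours": 12, "active_contributors_90d": 14},
}

# Illustrative thresholds; an organisation would tune these to its own risk appetite.
MIN_BUS_FACTOR = 2
MAX_DAYS_SINCE_COMMIT = 365
MAX_FIRST_RESPONSE_HOURS = 336   # two weeks
MIN_ACTIVE_CONTRIBUTORS = 2


@dataclass
class DependencyRisk:
    purl: str
    version: str
    findings: list = field(default_factory=list)  # reasons the dependency was flagged

    @property
    def risky(self) -> bool:
        return bool(self.findings)


def strip_version(purl: str) -> str:
    """pkg:npm/foo@1.2.3?arch=x86 -> pkg:npm/foo (qualifiers and version dropped)."""
    base = purl.split("?", 1)[0]
    last_segment = base.rsplit("/", 1)[-1]
    return base.rsplit("@", 1)[0] if "@" in last_segment else base


def evaluate_project(metrics: dict) -> list:
    """Turn one project's health metrics into a list of human-readable findings."""
    findings = []
    if metrics["bus_factor"] < MIN_BUS_FACTOR:
        findings.append(f"bus factor {metrics['bus_factor']} (below {MIN_BUS_FACTOR})")
    if metrics["days_since_last_commit"] > MAX_DAYS_SINCE_COMMIT:
        findings.append(f"no commits for {metrics['days_since_last_commit']} days")
    if metrics["median_first_response_hours"] > MAX_FIRST_RESPONSE_HOURS:
        findings.append(f"median first response {metrics['median_first_response_hours']}h")
    if metrics["active_contributors_90d"] < MIN_ACTIVE_CONTRIBUTORS:
        findings.append(f"only {metrics['active_contributors_90d']} active contributor(s) in 90 days")
    return findings


def assess(sbom_json: str, metrics: dict) -> list:
    """Return one DependencyRisk per SBOM component, joined to its project's metrics."""
    sbom = json.loads(sbom_json)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    results = []
    for comp in sbom.get("components", []):
        version = comp.get("version", "?")
        purl = comp.get("purl")
        if not purl:  # nothing to join on: report it rather than silently drop it
            results.append(DependencyRisk(comp.get("name", "?"), version,
                                          ["component has no purl; cannot join health data"]))
            continue
        project = metrics.get(strip_version(purl))
        # A dependency with no health data at all is itself worth surfacing.
        findings = ["no project health data available"] if project is None \
            else evaluate_project(project)
        results.append(DependencyRisk(purl, version, findings))
    return results


def risky_purls(results: list) -> list:
    """Package URLs of every flagged component, in SBOM order."""
    return [r.purl for r in results if r.risky]


if __name__ == "__main__":
    for r in assess(SBOM_JSON, HEALTH_METRICS):
        status = "FLAGGED" if r.risky else "ok"
        print(f"{status:8} {r.purl}")
        for f in r.findings:
            print(f"         - {f}")
```

Running it lists each component with its findings; three of the four constructed components are flagged, one of them only because no health data could be found, which is exactly the gap the talk argues a plain SBOM leaves open.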

Speakers

Georg Link
