Following the precedent set by Executive Order 14028, security and compliance teams are increasingly requesting software bills of materials (SBOMs) to identify the open source components of their software projects, assess their vulnerability to emerging threats, and verify alignment with license policies. So, we asked ourselves, how do we make SBOMs easier to generate and share?

Today, we're happy to announce a new Export SBOM function that allows anyone with read access to a Framer cloud repository to generate an NTIA-compliant SBOM with a single click. The resulting JSON file saves project dependencies and metadata, like versions and licenses in the industry-standard SPDX format, which can then be used with security and compliance workflows and tools or reviewed in Microsoft Excel (use a JSON-to-CSV converter for compatibility with Google Sheets).

As part of Framer's supply chain security solution, self-service SBOMs are free for all cloud repositories on Framer.