Microsoft Releases Weekly Previews of VS 2023, Open Sources SBOM Tool – Visual Studio Magazine

Microsoft Pumps VS 2023 Weekly Previews, Open Sources SBOM Tool

At the end of July, Microsoft began releasing weekly previews of Visual Studio 2023 v17.3 and also open sourced a tool for generating a software bill of materials (SBOM), a key element of government recommendations on cybersecurity best practices.

Since the development team overhauled the Microsoft Teams Developer Tools (Teams Toolkit) in v17.3 Preview 3 on July 12, the pace has picked up, with weekly updates that only tweak and fix things. In fact, after the first three previews shipped two or three weeks apart, Microsoft has since released three previews in 14 days as things are tweaked ahead of an expected August GA debut.

The release notes for Preview 5 this week included these items:

  • Fixed a crash in the dialog prompting users to log in on first launch and when an upgrade requires re-authenticating an account.
  • Updated the C++ Dev 16.11 side-by-side toolset to version 14.29.30145.00. The latest Dev 16.11 C++ Toolset release contains important bug fixes, including fixing all remaining C++20 defect reports. For more information on bug fixes, including C++20 defect reports in Dev 16.11, please see https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes#16.11.14

The update also fixed four items reported by users on the developer community feedback site.

Preview 4 included .NET MAUI maintenance updates and several fixes:

  • Fixed an issue causing WinForms Designer for .NET projects to fail to launch on ARM64 machines.
  • Corrected the contrast between the background color and a hyperlink in a dialog box.
  • Improved text translation in the first login dialog on launch.
  • Fixed a bug where Top Insights in the CPU Usage tool was not localized.

Since versions 17.0 through 17.2 shipped about three months apart, with the last one landing on May 10, v17.3 will likely arrive within the next few weeks.

SBOM generation tool
Meanwhile, in July, Microsoft open sourced its Software Bill of Materials (SBOM) generation tool. The US government defines an SBOM as a list of ingredients that make up software components.

[Figure: A generated SBOM (source: Microsoft).]

The SBOM figures prominently in President Joe Biden’s Executive Order on Improving the Nation’s Cybersecurity, which was published last year and ordered agencies to take security measures such as advancing the shift to Zero Trust.

The order directed the government to produce best-practice guidelines, including standards, procedures or criteria regarding “the provision to a purchaser of a software bill of material (SBOM) for each product directly or by posting it on a public website”, as well as many other actions.

“Our SBOM tool is a general-purpose, enterprise-proven and build-time SBOM generator,” Microsoft said earlier this month in an engineering blog post. “It works on all platforms, including Windows, Linux, and Mac, and uses the standard Software Package Data Exchange (SPDX) format.”

The SPDX specification forms the basis for the four main sections of an SBOM generated by the open-source tool:

  • Document creation information: General information about the SBOM document, such as software name, SPDX license, SPDX version, who created the document, when it was created, etc.
  • Files section: A list of files that make up the software. Each file has certain properties, including hashes of its contents (SHA-1, SHA-256).
  • Packages section: A list of packages used when building the software. Each package has additional properties such as name, version, vendor, hashes (SHA-1, SHA-256) and a package URL software identifier (purl).
  • Relationships section: A list of relationships between the various elements of the SBOM, such as files and packages.
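
As an added illustration (not code from Microsoft's tool or from the original article), the sketch below walks those four sections in an SPDX 2.2 JSON document and re-checks what each one claims: required document fields, file SHA-256 hashes against the bytes actually shipped, a purl on every package, and relationships that point only at elements the document defines. The sample document, file name and package are constructed; the field names assume the SPDX 2.2 JSON schema.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def audit_sbom(doc: dict, contents: dict) -> list:
    """Audit an SPDX 2.2 JSON document; contents maps fileName -> shipped bytes."""
    findings = []
    # 1. Document creation information
    for key in ("spdxVersion", "dataLicense", "name", "creationInfo"):
        if key not in doc:
            findings.append(f"missing document field: {key}")
    ids = {doc.get("SPDXID", "SPDXRef-DOCUMENT")}
    # 2. Files section: recompute each listed SHA-256 from the real bytes
    for f in doc.get("files", []):
        ids.add(f["SPDXID"])
        listed = {c["algorithm"]: c["checksumValue"].lower() for c in f.get("checksums", [])}
        data = contents.get(f["fileName"])
        if data is None:
            findings.append(f"file not in build output: {f['fileName']}")
        elif listed.get("SHA256") != sha256(data):
            findings.append(f"SHA256 mismatch: {f['fileName']}")
    # 3. Packages section: every package should carry a purl identifier
    for p in doc.get("packages", []):
        ids.add(p["SPDXID"])
        if not any(r.get("referenceType") == "purl" for r in p.get("externalRefs", [])):
            findings.append(f"package without purl: {p['name']}")
    # 4. Relationships section: both ends must be elements defined above
    for r in doc.get("relationships", []):
        for end in (r["spdxElementId"], r["relatedSpdxElement"]):
            if end not in ids:
                findings.append(f"relationship to unknown element: {end}")
    return findings

# Constructed sample input (not output of any real build)
GOOD = b"print('hello')\n"
SAMPLE = {
    "spdxVersion": "SPDX-2.2", "dataLicense": "CC0-1.0",
    "SPDXID": "SPDXRef-DOCUMENT", "name": "demo-app 1.0.0",
    "creationInfo": {"created": "2022-08-01T00:00:00Z", "creators": ["Tool: example"]},
    "files": [{"fileName": "./app.py", "SPDXID": "SPDXRef-File-app",
               "checksums": [{"algorithm": "SHA256", "checksumValue": sha256(GOOD)}]}],
    "packages": [{"name": "Example.Lib", "SPDXID": "SPDXRef-Package-lib",
                  "versionInfo": "1.2.3", "externalRefs": [
                      {"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                       "referenceLocator": "pkg:nuget/Example.Lib@1.2.3"}]}],
    "relationships": [{"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
                       "relatedSpdxElement": "SPDXRef-Package-lib"}],
}

if __name__ == "__main__":
    print(audit_sbom(SAMPLE, {"./app.py": GOOD}))                 # clean build
    print(audit_sbom(SAMPLE, {"./app.py": GOOD + b"# changed"}))  # modified file
```
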

“Open sourcing our SBOM tool is an important step in fostering collaboration and innovation within our community, and we believe this will enable more organizations to generate SBOM and contribute to its development,” said Microsoft.

About the Author


David Ramel is an editor and writer for Converge360.