While pursuing software bills of materials (SBOMs) and software transparency in traditional, on-premises infrastructure is challenging, the challenge is significantly different when dealing with cloud services and cloud-native architectures. In this chapter, we will discuss some of the metrics surrounding the growth of cloud and containerization, as well as software transparency and supply chain security concerns in the context of cloud computing.

When discussing technology, it often helps to have a shared lexicon. With that said, the most used definition of cloud computing comes from NIST 800-145 (https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf), which states:

Expanding further, those characteristics include on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Cloud also comes with three service models: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Each of these service models has its ...