ENISA Seeks Feedback on Software Supply Chain Security Guidance
Summary
ENISA has launched public consultations on draft guidance for software supply chain security. Feedback is sought on an SBOM Landscape Analysis and a Technical Advisory for Secure Use of Package Managers, with a deadline of January 23, 2026.
What changed
The European Union Agency for Cybersecurity (ENISA) is seeking public feedback on two draft documents related to software supply chain security: an SBOM Landscape Analysis intended as an implementation guide, and a Technical Advisory for the Secure Use of Package Managers. These documents aim to enhance transparency, resilience, and security in the EU's digital product ecosystem, aligning with the EU's priority on cybersecurity-by-design and by-default.
Industry stakeholders and interested parties are invited to provide their input through online surveys by January 23, 2026. The feedback received will inform the final publications, which are expected in Q2 2026. While these are consultations and thus non-binding, active participation is encouraged for those involved in product security and software development to shape future guidance and best practices.
What to do next
- Review draft SBOM Landscape Analysis and Technical Advisory for Secure Use of Package Managers.
- Submit feedback via the provided survey links by January 23, 2026.
Source document (simplified)
Call for Feedback: Advancing Software Supply Chain Security together!
News Item, Dec 17, 2025
ENISA invites industry stakeholders and interested parties to provide their feedback on the draft SBOM Landscape Analysis and the Technical Advisory for Secure Use of Package Managers.
ENISA works to strengthen cybersecurity by promoting cybersecurity-by-design and cybersecurity-by-default in the EU market. The EU is prioritising the security of all digital products and the protection of end-users, safeguarding our shared connected ecosystem. Through the launch of the two new public consultations, the Agency aims to engage with professionals working in product security and development to provide meaningful guidance and support in advancing cybersecurity across the ecosystem.
SBOM Landscape Analysis: Towards an Implementation Guide
Software Bills of Materials (SBOM) implementation is a significant step for organisations to enhance management, transparency and resilience of their systems. ENISA has compiled a draft report of comprehensive yet practical guidance for implementing Software Bill of Materials practices within organisations of varying sizes and capabilities.
You may provide your feedback by 23 January 2026 at 23:59 CET by taking part in the survey: https://ec.europa.eu/eusurvey/runner/SBOMAnalysisImplementation_Guide
Additionally, the baseline survey to assess the state of Software Bills of Materials (SBOMs) across Europe is still open and running until 19 December 2025. Provide your input here: https://ec.europa.eu/eusurvey/runner/enisa-sbom-study2025
ENISA Technical Advisory for Secure Use of Package Managers
ENISA will publish regular technical advisories on product security from 2026 onwards. The first of these technical advisories covers the use of package managers. Software development is largely driven by the use of package managers. Packages and package managers offer major benefits for software development, improving collaboration, efficiency, and consistency. Yet their interconnected nature and security risks can create a ripple effect across the software supply chain, affecting hundreds of thousands of dependent projects.
This draft document aims to support software developers throughout the software development lifecycle, and particularly in the secure use of package managers. It outlines the common risks involved in using third-party packages, presents secure practices for selecting, integrating, and monitoring packages, and explains how to address vulnerabilities found in dependencies.
You may take part in the consultation for the Technical Advisory by 23 January 2026, 23:59 CET through the following link: https://ec.europa.eu/eusurvey/runner/ENISA-TG-2025-01
Following the analysis of the public consultations, the final publications will be available on the ENISA website in Q2 2026.
- SBOM Landscape Analysis
- Survey SBOM Landscape Analysis
- ENISA Technical Advisory for Secure Use of Package Managers
- Survey for the Technical Advisory for Secure Use of Package Managers
- Survey on SBOM State of the Art
Contact
For press questions and interviews, please contact: press@enisa.europa.eu.
Related topics
- Product Security and Certification
Content written for: National / EU authorities | Private Sector