Viktor Petersson

Serial entrepreneur and cybersecurity innovator, currently focused on shaping the future of software security and compliance. As the founder of sbomify, he simplifies Software Bill of Materials (SBOM) management, helping organizations navigate emerging cybersecurity regulations such as the Cyber Resilience Act (CRA). Viktor co-led the CISA SBOM Working Group on SBOM generation and is an invited expert to ECMA TC54. He shares insights and industry trends through his podcast, Nerding Out With Viktor.

Posts by Viktor Petersson

SBOM Adoption on PyPI Is at 1.58%. We Can Do Better.

We scanned 15,021 of the most popular Python packages for PEP 770 SBOMs. Only 1.58% include one, and every single SBOM is CycloneDX. Here are the full …

PEP 770: SBOMs Are Now a First-Class Citizen in Python Packages

Python's PEP 770 standardizes shipping SBOMs inside packages via .dist-info/sboms/. Here's what it means and how we adopted it in two projects with …

Announcing sbomify-action v0.14: The One With Yocto

sbomify-action v0.14 adds a dedicated Yocto/OpenEmbedded batch processing command, full SPDX 3.0.1 pipeline support, pipdeptree integration for Python …

Why We're Bullish on TEA, And Why You Should Be Too

The Transparency Exchange API (TEA) is the missing standard for automated SBOM discovery and exchange. Here's what it is, why it matters, and why …

Announcing sbomify v0.27: The One with TEA

sbomify v0.27 adds full Transparency Exchange API (TEA) support, SPDX 3.0 compatibility, scoped access tokens, and improved account management.

Announcing sbomify v0.26: The One Where Bootstrap Moved Out

sbomify v0.26 delivers a faster, more accessible UI, real-time dashboard updates, BSI TR-03183-2 compliance, and GDPR self-service account deletion.

Announcing sbomify-action v0.13: The One Where We Go to FOSDEM

sbomify-action v0.13 brings hash enrichment from lockfiles, an interactive configuration wizard, Conan Center integration for C/C++, and improved NTIA …

Announcing sbomify v0.25: The One with Attestations

sbomify v0.25 introduces GitHub Attestation verification via Sigstore/cosign, SPDX 2.3 export, product lifecycle tracking, and compliance badges.

Announcing sbomify-action v0.11: The One Where They Go to PyPI

sbomify-action v0.11 transforms from a CI-only tool into a fully-fledged CLI available on PyPI. Major additions include audit trails for compliance, …

Announcing sbomify v0.24: The One with All the Plugins

sbomify v0.24 introduces a powerful plugin-based assessment framework supporting security, license, compliance, and attestation plugins. Ships with …

FDA Medical Device SBOM Requirements: What the New Cybersecurity Guidance Means for Manufacturers

Breakdown of the FDA's June 2025 guidance on medical device cybersecurity, explaining SBOM requirements, premarket submission expectations, and …

CRA Explained: What the Cyber Resilience Act Means for Device Manufacturers

Podcast episode with EU CRA expert Sarah Fluchs explaining SBOM requirements, the 5-year support mandate, and vulnerability management for device …
