sbomify logo

The sbomify Blog

Content for software, product, and digital security experts

SPDX 3.0 in Yocto: What Changed and Why It Matters

SPDX 3.0 support was added in the Styhead release (Yocto 5.1) and represents a significant architectural leap. The implementation lives in...

Joshua Watt May 19. 2026
Read more →

Announcing sbomify v26.2.0: The One That Signs the DoC

In v26.1.0 we shipped the first half of the EU Cyber Resilience Act workflow: figuring out whether you are in scope, and what you need to...

Viktor Petersson May 13. 2026
Read more →

A Deep Dive into Yocto's SPDX 2.2 Pipeline

The SPDX 2.2 implementation in the Yocto Project has been stable since the Honister release (Yocto 3.4, October 2021). It is the...

Joshua Watt May 12. 2026
Read more →

How Yocto Generates SBOMs Behind the Scenes: A Deep Dive into SPDX 2.2 and SPDX 3.0

If you are building embedded Linux products with the Yocto Project, you are sitting on one of the most mature and sophisticated SBOM...

Joshua Watt May 5. 2026
Read more →

Announcing sbomify v26.1.0: The One Where We Switch to CalVer

If you have been following along, you may have noticed the version number just made a fairly dramatic jump, going from v0.27 straight to...

Viktor Petersson Apr 2. 2026
Read more →

Trivy Compromise: How We Are Hardening sbomify-action

The last few weeks have been turbulent in the world of supply chain security. Perhaps the most high-profile compromise has been in Aqua...

Viktor Petersson Mar 26. 2026
Read more →

SBOM Adoption on PyPI Is at 1.58%. We Can Do Better.

This wasn’t a research project. We were building TEA support into sbomify-action and wanted a way to pull in real SBOM data from a...

Viktor Petersson Mar 12. 2026
Read more →

PEP 770: SBOMs Are Now a First-Class Citizen in Python Packages

Python now has an official standard for shipping SBOMs inside packages. PEP 770, authored by Seth Larson (Python Security...

Viktor Petersson Mar 5. 2026
Read more →

Announcing sbomify-action v0.14: The One With Yocto

What started as github-action has outgrown its name. With v0.14, we are officially renaming the project to sbomify-action to reflect what it...

Viktor Petersson Mar 2. 2026
Read more →

Why We're Bullish on TEA, And Why You Should Be Too

Imagine you’re standing in an electronics store, holding a product in your hand. Using a TEA app, you could automatically scan the...

Viktor Petersson Mar 1. 2026
Read more →

Announcing sbomify v0.27: The One with TEA

We have been working towards this release for a while. sbomify v0.27 brings full Transparency Exchange API (TEA) support, SPDX 3.0...

Viktor Petersson Feb 24. 2026
Read more →

Announcing sbomify v0.26: The One Where Bootstrap Moved Out

A Faster, More Accessible UI The first thing you will notice is that sbomify feels faster. Pages load more quickly, transitions are...

Viktor Petersson Feb 16. 2026
Read more →
← Previous Page 1 of 8 Next →