The sbomify Blog
Content for software, product, and digital security experts
The C conundrum - generating SBOMs when there's no lockfile
Generating an SBOM for something created in a modern language like Dart, Go, Python or Rust is pretty easy. Dependencies are declared using the language’s package manager, the...
sbomify GitHub Action v0.3.0: Now Faster and Compatible with GitLab!
We’re excited to announce the release of version 0.3.0 of our GitHub Actions module!
GitHub Action module with Attestation
Over the last few weeks, we’ve made some significant updates to our GitHub Actions module. Since our last update, we’ve added a few new features.
Big update to our GitHub Action
In the last few weeks, we’ve worked hard on overhauling the sbomify GitHub Action based on customer feedback. The initial purpose of the GitHub Action module was merely...
How to generate an SBOM from a Docker container
A lot of people are asking about how one can generate an SBOM based on a Docker container. It seems to be a good idea, since a lot...
Introducing sbomify: Revolutionizing SBOM Management
We’re excited to announce the launch of sbomify, a platform designed to transform how businesses manage and share Software Bill of Materials (SBOMs). Our journey to create sbomify...
Exploring the Future of Software Security: Join Us at BSides Bristol
This weekend marks an exciting event for the cybersecurity community — BSides Bristol is officially kicking off! We’re thrilled to be a part of this dynamic conference, where...
Announcing sbomify’s GitHub Actions Module: Seamlessly Share SBOMs in Your CI/CD Pipeline
We are thrilled to announce the launch of sbomify’s GitHub Actions Module — now available in the GitHub Marketplace! This powerful tool simplifies the process of generating Software...
Comparing SBOM Formats: Focus on Component Types in CycloneDX vs. SPDX
CycloneDX and SPDX are two leading SBOM (Software Bill of Materials) standards, each with distinct strengths and support for various component types. CycloneDX is well-suited for modern, agile...
Securing the Software Supply Chain with SLSA: What You Need to Know
Abstract: In a world where software is integral to almost every aspect of life, securing the software supply chain is more critical than ever. The increasing complexity of...
Understanding in-toto: Securing the Software Supply Chain
In today’s software landscape, securing the software supply chain is more crucial than ever. With increasing concerns about vulnerabilities and supply chain attacks, developers and organizations are looking...
Understanding Sigstore: Securing the Software Supply Chain
Summary: In an era where software supply chain attacks are becoming more common and sophisticated, Sigstore represents a critical advancement in securing software development practices. By lowering the...