sbomify logo

The sbomify Blog

Content for software, product, and digital security experts

Announcing sbomify v0.26: The One Where Bootstrap Moved Out

A Faster, More Accessible UI The first thing you will notice is that sbomify feels faster. Pages load more quickly, transitions are...

Viktor Petersson Feb 16. 2026
Read more →

The Role of SBOMs in Cybersecurity: From Visibility to Vulnerability Response

A Software Bill of Materials (SBOM) is a foundational cybersecurity tool that provides a complete, machine-readable inventory of every...

Cowboy Neil Feb 8. 2026
Read more →

What Is CVSS? Understanding Vulnerability Severity Scoring

The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the severity of software vulnerabilities. Published...

Cowboy Neil Feb 5. 2026
Read more →

Announcing sbomify-action v0.13: The One Where We Go to FOSDEM

We timed the sbomify-action v0.13 release for FOSDEM 2026, where we presented on CRA-ready SBOM generation. FOSDEM 2026: CRA-Ready SBOMs...

Viktor Petersson Feb 4. 2026
Read more →

SBOM Scanning: How to Detect Vulnerabilities in Your Software Components

SBOM scanning is the process of analyzing a Software Bill of Materials to identify known vulnerabilities, license issues, and other risks in...

Cowboy Neil Feb 1. 2026
Read more →

What Is a Dependency in Software? A Beginner's Guide

A dependency in software is any external component — a library, framework, module, or package — that your application relies on to function....

Cowboy Neil Jan 29. 2026
Read more →

SBOM Generation Tools Compared: Syft, Trivy, cdxgen, and More

SBOM generation tools analyze your software projects and produce machine-readable Software Bills of Materials in standard formats like...

Cowboy Neil Jan 26. 2026
Read more →

Announcing sbomify v0.25: The One with Attestations

Software supply chain security is not just about knowing what is in your software. It is about proving that knowledge is authentic and has...

Viktor Petersson Jan 23. 2026
Read more →

The MIT License: A Complete Guide for Developers

The MIT License is a permissive open source license that allows virtually unrestricted use, modification, distribution, and sublicensing of...

Cowboy Neil Jan 22. 2026
Read more →

Announcing sbomify-action v0.11: The One Where They Go to PyPI

With v0.11, sbomify-action is no longer tied to your CI/CD pipeline. Install it anywhere with pip install sbomify-action and generate...

Viktor Petersson Jan 20. 2026
Read more →

SBOM Management: How to Organize, Track, and Act on Your SBOMs

SBOM management is the practice of organizing, storing, versioning, distributing, and acting on Software Bills of Materials across an...

Cowboy Neil Jan 18. 2026
Read more →

SBOM Formats Compared: CycloneDX vs SPDX

An SBOM format defines the structure, fields, and serialization of a Software Bill of Materials. Two formats have emerged as industry...

Cowboy Neil Jan 15. 2026
Read more →
← Previous Page 1 of 7 Next →