The sbomify Blog
Content for software, product, and digital security experts
Announcing sbomify v0.25: The One with Attestations
Software supply chain security is not just about knowing what is in your software. It is about proving that knowledge is authentic and has not been tampered with....
Announcing sbomify-action v0.11: The One Where They Go to PyPI
With v0.11, sbomify-action is no longer tied to your CI/CD pipeline. Install it anywhere with pip install sbomify-action and generate enriched SBOMs on your laptop, in your build...
Announcing sbomify v0.24: The One with All the Plugins
Today marks a pivotal release for sbomify. With v0.24, we are laying the foundation for what will become a fully extensible, plugin-based platform. This release introduces our new...
FDA Medical Device SBOM Requirements: What the New Cybersecurity Guidance Means for Manufacturers
On June 27, 2025, the FDA issued updated guidance on “Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions.” This document marks a significant step...
CRA Explained: What the Cyber Resilience Act Means for Device Manufacturers
The EU Cyber Resilience Act (CRA) is transforming how device manufacturers approach cybersecurity. To break down what this means in practice, Viktor sat down with Sarah Fluchs on...
Major Updates: sbomify v0.21 and Action Module v0.8 & v0.9
Announcing sbomify v0.20: Custom Domains & Streamlined Onboarding
Announcing GitHub Action 0.7.0 and sbomify 0.19
Using Conan for C SBOMs
Last November I wrote about The C conundrum as there’s so much C code that needs SBOMs, but there was no straightforward way to generate them.
CISA's Minimum Elements now in Draft
CISA has published a public comment draft of updated SBOM Minimum Elements. This draft is intended as successor guidance to the NTIA Minimum Elements first issued on July...
Big Update to sbomify
Happy 4 July to our US friends.
Unpacking Raspberry Pi's Built‑In SBOM Magic
When the Raspberry Pi Foundation quietly unveiled rpi‑image‑gen, most of the headlines focused on how it streamlines custom image creation. Tucked inside that announcement is something even more...