sbomify logo

The sbomify Blog

Content for software, product, and digital security experts

Blog

sbomify GitHub Action v0.3.0: Now Faster and Compatible with GitLab!

We’re excited to announce the release of version 0.3.0 of our GitHub Actions module!

Nov 12. 2024

GitHub Action module with Attestation

Over the last few weeks, we’ve made some significant updates to our GitHub Actions module. Since our last update, we’ve added a few new features.

Oct 31. 2024

Big update to our GitHub Action

In the last few weeks, we’ve worked hard on overhauling the sbomify GitHub Action based on customer feedback. The initial purpose of the GitHub Action module was merely...

Oct 4. 2024

How to generate an SBOM from a Docker container

A lot of people are asking about how one can generate an SBOM based on a Docker container. It seems to be a good idea, since a lot...

Sep 20. 2024

Introducing sbomify: Revolutionizing SBOM Management

We’re excited to announce the launch of sbomify, a platform designed to transform how businesses manage and share Software Bill of Materials (SBOMs). Our journey to create sbomify...

Aug 29. 2024

Exploring the Future of Software Security: Join Us at BSides Bristol

This weekend marks an exciting event for the cybersecurity community — BSides Bristol is officially kicking off! We’re thrilled to be a part of this dynamic conference, where...

Aug 26. 2024

Announcing sbomify’s GitHub Actions Module: Seamlessly Share SBOMs in Your CI/CD Pipeline

We are thrilled to announce the launch of sbomify’s GitHub Actions Module — now available in the GitHub Marketplace! This powerful tool simplifies the process of generating Software...

Aug 21. 2024

Comparing SBOM Formats: Focus on Component Types in CycloneDX vs. SPDX

CycloneDX and SPDX are two leading SBOM (Software Bill of Materials) standards, each with distinct strengths and support for various component types. CycloneDX is well-suited for modern, agile...

Aug 20. 2024

Securing the Software Supply Chain with SLSA: What You Need to Know

Abstract In a world where software is integral to almost every aspect of life, securing the software supply chain is more critical than ever. The increasing complexity of...

Aug 17. 2024

Understanding in-toto: Securing the Software Supply Chain

In today’s software landscape, securing the software supply chain is more crucial than ever. With increasing concerns about vulnerabilities and supply chain attacks, developers and organizations are looking...

Aug 14. 2024

Understanding Sigstore: Securing the Software Supply Chain

Summary: In an era where software supply chain attacks are becoming more common and sophisticated, Sigstore represents a critical advancement in securing software development practices. By lowering the...

Aug 12. 2024

Understanding Lock File Drift: A Hidden Risk in Dependency Management

In the world of software development, managing dependencies is crucial for ensuring the stability and security of applications. One often overlooked aspect of this process is the phenomenon...

Jul 31. 2024