
The sbomify Blog

Content for software, product, and digital security experts


Big update to our GitHub Action

In the last few weeks, we’ve worked hard on overhauling the sbomify GitHub Action based on customer feedback. The initial purpose of the GitHub Action module was merely...

Oct 4, 2024

How to generate an SBOM from a Docker container

A lot of people are asking how one can generate an SBOM from a Docker container. It seems to be a good idea, since a lot...

Sep 20, 2024

Introducing sbomify: Revolutionizing SBOM Management

We’re excited to announce the launch of sbomify, a platform designed to transform how businesses manage and share Software Bill of Materials (SBOMs). Our journey to create sbomify...

Aug 29, 2024

Exploring the Future of Software Security: Join Us at BSides Bristol

This weekend marks an exciting event for the cybersecurity community — BSides Bristol is officially kicking off! We’re thrilled to be a part of this dynamic conference, where...

Aug 26, 2024

Announcing sbomify’s GitHub Actions Module: Seamlessly Share SBOMs in Your CI/CD Pipeline

We are thrilled to announce the launch of sbomify’s GitHub Actions Module — now available in the GitHub Marketplace! This powerful tool simplifies the process of generating Software...

Aug 21, 2024

Comparing SBOM Formats: Focus on Component Types in CycloneDX vs. SPDX

CycloneDX and SPDX are two leading SBOM (Software Bill of Materials) standards, each with distinct strengths and support for various component types. CycloneDX is well-suited for modern, agile...

Aug 20, 2024

Securing the Software Supply Chain with SLSA: What You Need to Know

Abstract: In a world where software is integral to almost every aspect of life, securing the software supply chain is more critical than ever. The increasing complexity of...

Aug 17, 2024

Understanding in-toto: Securing the Software Supply Chain

In today’s software landscape, securing the software supply chain is more crucial than ever. With increasing concerns about vulnerabilities and supply chain attacks, developers and organizations are looking...

Aug 14, 2024

Understanding Sigstore: Securing the Software Supply Chain

Summary: In an era where software supply chain attacks are becoming more common and sophisticated, Sigstore represents a critical advancement in securing software development practices. By lowering the...

Aug 12, 2024

Understanding Lock File Drift: A Hidden Risk in Dependency Management

In the world of software development, managing dependencies is crucial for ensuring the stability and security of applications. One often overlooked aspect of this process is the phenomenon...

Jul 31, 2024

How to Generate SBOMs for Python Packages with `pipdeptree` and `cyclonedx-py`

Software Bills of Materials (SBOMs) are essential for ensuring transparency and security in software supply chains. This guide will show you how to use pipdeptree and cyclonedx-py to...

Jul 30, 2024

Embracing Cybersecurity with CISA's 'Secure by Design' Initiative

In the ever-evolving landscape of cyber threats, the importance of integrating robust security measures into the earliest stages of software development cannot be overstated. Recognizing this need, the...

Jul 24, 2024