The sbomify Blog

Content for software, product, and digital security experts

SBOM Adoption on PyPI Is at 1.58%. We Can Do Better.

This wasn’t a research project. We were building TEA support into sbomify-action and wanted a way to pull in real SBOM data from a...

Viktor Petersson, Mar 12, 2026

PEP 770: SBOMs Are Now a First-Class Citizen in Python Packages

Python now has an official standard for shipping SBOMs inside packages. PEP 770, authored by Seth Larson (Python Security...

Viktor Petersson, Mar 5, 2026

Announcing sbomify-action v0.14: The One With Yocto

What started as github-action has outgrown its name. With v0.14, we are officially renaming the project to sbomify-action to reflect what it...

Viktor Petersson, Mar 2, 2026

Why We're Bullish on TEA, And Why You Should Be Too

Imagine you’re standing in an electronics store, holding a product in your hand. Using a TEA app, you could automatically scan the...

Viktor Petersson, Mar 1, 2026

Announcing sbomify v0.27: The One with TEA

We have been working towards this release for a while. sbomify v0.27 brings full Transparency Exchange API (TEA) support, SPDX 3.0...

Viktor Petersson, Feb 24, 2026

Announcing sbomify v0.26: The One Where Bootstrap Moved Out

A Faster, More Accessible UI: The first thing you will notice is that sbomify feels faster. Pages load more quickly, transitions are...

Viktor Petersson, Feb 16, 2026

The Role of SBOMs in Cybersecurity: From Visibility to Vulnerability Response

A Software Bill of Materials (SBOM) is a foundational cybersecurity tool that provides a complete, machine-readable inventory of every...

Cowboy Neil, Feb 8, 2026

What Is CVSS? Understanding Vulnerability Severity Scoring

The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the severity of software vulnerabilities. Published...

Cowboy Neil, Feb 5, 2026

Announcing sbomify-action v0.13: The One Where We Go to FOSDEM

We timed the sbomify-action v0.13 release for FOSDEM 2026, where we presented on CRA-ready SBOM generation. FOSDEM 2026: CRA-Ready SBOMs...

Viktor Petersson, Feb 4, 2026

SBOM Scanning: How to Detect Vulnerabilities in Your Software Components

SBOM scanning is the process of analyzing a Software Bill of Materials to identify known vulnerabilities, license issues, and other risks in...

Cowboy Neil, Feb 1, 2026

What Is a Dependency in Software? A Beginner's Guide

A dependency in software is any external component — a library, framework, module, or package — that your application relies on to function....

Cowboy Neil, Jan 29, 2026

SBOM Generation Tools Compared: Syft, Trivy, cdxgen, and More

SBOM generation tools analyze your software projects and produce machine-readable Software Bills of Materials in standard formats like...

Cowboy Neil, Jan 26, 2026