sbomify logo

The sbomify Blog

Content for software, product, and digital security experts

Announcing sbomify v0.24: The One with All the Plugins

Today marks a pivotal release for sbomify. With v0.24, we are laying the foundation for what will become a fully extensible, plugin-based...

Viktor Petersson Jan 14. 2026
Read more →

Software Composition Analysis (SCA): What It Is and How SBOMs Fit In

Software Composition Analysis (SCA) is a category of application security tooling that identifies open source and third-party components in...

Cowboy Neil Jan 11. 2026
Read more →

FDA Medical Device SBOM Requirements: What the New Cybersecurity Guidance Means for Manufacturers

On June 27, 2025, the FDA issued updated guidance on “Cybersecurity in Medical Devices: Quality System Considerations and Content of...

Viktor Petersson Jan 9. 2026
Read more →

Apache License 2.0: What It Is, How It Works, and What It Means for Your Software

The Apache License 2.0 is a permissive open source license published by the Apache Software Foundation (ASF) that allows users to freely...

Cowboy Neil Jan 7. 2026
Read more →

CRA Explained: What the Cyber Resilience Act Means for Device Manufacturers

The EU Cyber Resilience Act (CRA) is transforming how device manufacturers approach cybersecurity. To break down what this means in...

Viktor Petersson Jan 6. 2026
Read more →

Container Security: Best Practices for Securing Docker and Kubernetes

Container security is the practice of protecting containerized applications and their infrastructure throughout the entire lifecycle — from...

Cowboy Neil Jan 3. 2026
Read more →

What Is a KEV? Understanding CISA's Known Exploited Vulnerabilities Catalog

A KEV (Known Exploited Vulnerability) is a vulnerability that has been confirmed as actively exploited in the wild. The CISA Known Exploited...

Cowboy Neil Dec 30. 2025
Read more →

Software Supply Chain Management: Risks, Best Practices, and SBOM Integration

Software supply chain management is the practice of identifying, assessing, and mitigating risks across the entire chain of components,...

Cowboy Neil Dec 26. 2025
Read more →

The GPL License: A Comprehensive Guide to the GNU General Public License

The GPL (GNU General Public License) is a free software license that guarantees end users the freedom to run, study, modify, and share...

Cowboy Neil Dec 22. 2025
Read more →

Major Updates: sbomify v0.21 and Action Module v0.8 & v0.9

We have been busy at sbomify! Today we are announcing a triple release covering significant updates to both the core platform and our...

Viktor Petersson Dec 19. 2025
Read more →

CVE Vulnerabilities Explained: What They Are and Why They Matter

A CVE (Common Vulnerabilities and Exposures) is a standardized identifier assigned to a publicly known cybersecurity vulnerability. Each CVE...

Cowboy Neil Dec 18. 2025
Read more →

Software Development Life Cycle (SDLC): A Complete Guide

The Software Development Life Cycle (SDLC) is a structured process that defines the stages involved in developing software from initial...

Cowboy Neil Dec 15. 2025
Read more →
← Previous Page 2 of 7 Next →