The sbomify Blog
Content for software, product, and digital security experts
What Is Sigstore? Keyless Signing for the Software Supply Chain
Before Sigstore, signing a software artifact meant generating a GPG or PEM key pair, storing the private key securely, distributing the...
How to Generate SBOMs for Python Packages with `pipdeptree` and `cyclonedx-py`
Software Bills of Materials (SBOMs) are essential for ensuring transparency and security in software supply chains. This guide will show you...
What Is Lock File Drift? A Hidden Risk in Dependency Management
A developer adds a new dependency to package.json, runs the application locally, confirms it works, and pushes the change. But they forget...
Embracing Cybersecurity with CISA's 'Secure by Design' Initiative
In the ever-evolving landscape of cyber threats, the importance of integrating robust security measures into the earliest stages of software...
What's New in SPDX 3: Enhanced Referencing Capabilities
At sbomify, we pride ourselves on providing the latest insights and updates in the realm of Software Bill of Materials (SBOM). One of the...
Understanding the EU Cyber Resilience Act: SBOM Requirements and Compliance
In October 2024, the European Union adopted the Cyber Resilience Act (CRA) — the most ambitious cybersecurity product regulation ever...
The Role of SBOMs in an OBOM: Ensuring Compliance and Security in Smart Thermometer Development
In today’s software landscape, compliance with security and transparency mandates is more critical than ever. Executive orders, such...
Enhancing Dependency Management with GitHub's Dependency Graph: An Analysis
Introduction: In the evolving landscape of software development, dependency management is a critical component. GitHub’s dependency graph is...
Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)
As the digital world grows ever more complex, the tools we use to ensure software security and transparency must evolve. The 2nd edition of...
Get the latest SBOMs from the top 15 most popular images on Docker Hub
Most companies that use Docker also use Docker Hub in some capacity. Have you ever wondered how secure these images are? In our article...
Comprehensive Guide to Generating and Understanding SBOMs with Docker and Django-CMS
It’s fair to say that SBOMs (Software Bills of Materials) are a rapidly emerging field. Many vendors, like Docker and GitHub, now offer...
Call for Views on the Code of Practice for Software Vendors: Ensuring Security and Resilience
The UK government has launched a call for views on a new voluntary Code of Practice for Software Vendors. This initiative aims to enhance...