The sbomify Blog

Content for software, product, and digital security experts

Comparing SBOM Formats: Focus on Component Types in CycloneDX vs. SPDX

CycloneDX and SPDX are two leading SBOM (Software Bill of Materials) standards, each with distinct strengths and support for various...

Cowboy Neil, Aug 20, 2024

What Is SLSA? Understanding Supply Chain Levels for Software Artifacts

In 2020, attackers compromised SolarWinds’ build system and injected malicious code into Orion software updates that were distributed...

Cowboy Neil, Aug 17, 2024

What Is in-toto? Securing the Software Supply Chain End to End

When the XZ Utils backdoor was discovered in March 2024, it revealed how a malicious contributor could spend years infiltrating an...

Cowboy Neil, Aug 14, 2024

What Is Sigstore? Keyless Signing for the Software Supply Chain

Before Sigstore, signing a software artifact meant generating a GPG or PEM key pair, storing the private key securely, distributing the...

Cowboy Neil, Aug 12, 2024

How to Generate SBOMs for Python Packages with `pipdeptree` and `cyclonedx-py`

Software Bill of Materials (SBOMs) are essential for ensuring transparency and security in software supply chains. This guide will show you...

Viktor Petersson, Jul 30, 2024

What Is Lock File Drift? A Hidden Risk in Dependency Management

A developer adds a new dependency to package.json, runs the application locally, confirms it works, and pushes the change. But they forget...

Cowboy Neil, Jul 30, 2024
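The scenario in that excerpt (a manifest edited, the lock file never regenerated) is detectable in CI before it reaches a build. The following is an added example, not code from sbomify or from the post itself: it compares a `package.json` against a lockfileVersion 2/3 `package-lock.json` and reports the three kinds of drift that matter for a supply-chain audit. Both input documents are constructed here for illustration, and the range check is a deliberately simplified semver matcher that only understands exact versions and caret ranges (anything else is reported as unknown rather than guessed).

```python
"""Detect lock file drift between package.json and package-lock.json.

Added example (not sbomify's code). Both documents below are constructed
for illustration. Assumes the lockfileVersion 2/3 layout, where the root
manifest is recorded under packages[""] and each installed package under
packages["node_modules/<name>"].
"""
import json

# Constructed sample: a developer bumped express and added lodash in
# package.json but did not re-run `npm install`, so the lock is stale.
PACKAGE_JSON = json.loads("""{
  "name": "demo-app",
  "dependencies": {"express": "^4.19.0", "lodash": "^4.17.21"},
  "devDependencies": {"jest": "^29.0.0"}
}""")

PACKAGE_LOCK = json.loads("""{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "": {
      "dependencies": {"express": "^4.18.0"},
      "devDependencies": {"jest": "^29.0.0"}
    },
    "node_modules/express": {"version": "4.18.2"},
    "node_modules/jest": {"version": "29.7.0"}
  }
}""")


def declared_deps(manifest):
    """Return {name: range} merged across the dependency sections."""
    out = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        out.update(manifest.get(section, {}))
    return out


def parse_version(text):
    return tuple(int(part) for part in text.split("."))


def satisfies(range_spec, version):
    """Simplified semver check.

    Handles exact versions ("4.18.2") and caret ranges ("^4.19.0", same
    major and not lower than the base). Returns None for any other syntax
    so the caller treats it as unknown instead of silently passing.
    """
    if range_spec.startswith("^"):
        base, got = parse_version(range_spec[1:]), parse_version(version)
        return got[0] == base[0] and got >= base
    if range_spec[0].isdigit():
        return parse_version(range_spec) == parse_version(version)
    return None


def find_drift(manifest, lock):
    """Return a sorted list of (package, reason) findings.

    missing-from-lock        declared in package.json, no installed entry
    range-mismatch           range in lock root differs from package.json
    installed-outside-range  resolved version no longer satisfies the range
    stale-in-lock            lock root still lists a dep the manifest dropped
    """
    packages = lock.get("packages", {})
    wanted = declared_deps(manifest)
    locked_ranges = declared_deps(packages.get("", {}))
    # Only top-level installs; nested "node_modules/a/node_modules/b" paths
    # are transitive and not what the manifest declares.
    installed = {
        path[len("node_modules/"):]: entry.get("version")
        for path, entry in packages.items()
        if path.startswith("node_modules/") and path.count("node_modules/") == 1
    }
    findings = []
    for name, spec in sorted(wanted.items()):
        if name not in installed:
            findings.append((name, "missing-from-lock"))
            continue
        if locked_ranges.get(name) != spec:
            findings.append((name, "range-mismatch"))
        if satisfies(spec, installed[name]) is False:
            findings.append((name, "installed-outside-range"))
    for name in sorted(locked_ranges):
        if name not in wanted:
            findings.append((name, "stale-in-lock"))
    return findings


if __name__ == "__main__":
    for package, reason in find_drift(PACKAGE_JSON, PACKAGE_LOCK):
        print(f"{package}: {reason}")
```

Run with real files by replacing the two constructed documents with `json.load(open("package.json"))` and `json.load(open("package-lock.json"))`; a non-empty result is the signal to fail the pipeline, since `npm install` in CI would otherwise resolve the drifted entries fresh and the build would no longer match the reviewed lock file.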

Embracing Cybersecurity with CISA's 'Secure by Design' Initiative

In the ever-evolving landscape of cyber threats, the importance of integrating robust security measures into the earliest stages of software...

Cowboy Neil, Jul 24, 2024

What's New in SPDX 3: Enhanced Referencing Capabilities

At sbomify, we pride ourselves on providing the latest insights and updates in the realm of Software Bill of Materials (SBOM). One of the...

Cowboy Neil, Jul 22, 2024

Understanding the EU Cyber Resilience Act: SBOM Requirements and Compliance

In October 2024, the European Union adopted the Cyber Resilience Act (CRA) – the most ambitious cybersecurity product regulation ever...

Cowboy Neil, Jul 10, 2024

The Role of SBOMs in an OBOM: Ensuring Compliance and Security in Smart Thermometer Development

In today’s software landscape, compliance with security and transparency mandates is more critical than ever. Executive orders, such...

Cowboy Neil, Jul 9, 2024

Enhancing Dependency Management with GitHub's Dependency Graph: An Analysis

Introduction In the evolving landscape of software development, dependency management is a critical component. GitHub’s dependency graph is...

Cowboy Neil, Jun 24, 2024

Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)

As the digital world grows ever more complex, the tools we use to ensure software security and transparency must evolve. The 2nd edition of...

Cowboy Neil, Jun 11, 2024