The sbomify Blog
Content for software, product, and digital security experts
GitHub Action module with Attestation
Over the last few weeks, we’ve made some significant updates to our GitHub Actions module. Since our last update, we’ve added a...
Big update to our GitHub Action
In the last few weeks, we’ve worked hard on overhauling the sbomify GitHub Action based on customer feedback. The initial purpose of...
How to generate an SBOM from a Docker container
A lot of people are asking about how one can generate an SBOM based on a Docker container. It seems to be a good idea, since a lot of modern...
Introducing sbomify: Revolutionizing SBOM Management
We’re excited to announce the launch of sbomify, a platform designed to transform how businesses manage and share Software Bill of Materials...
Exploring the Future of Software Security: Join Us at BSides Bristol
This weekend marks an exciting event for the cybersecurity community – BSides Bristol is officially kicking off! We’re thrilled to be a part...
Announcing sbomify's GitHub Actions Module: Seamlessly Share SBOMs in Your CI/CD Pipeline
We are thrilled to announce the launch of sbomify’s GitHub Actions Module – now available in the GitHub Marketplace! This powerful...
Comparing SBOM Formats: Focus on Component Types in CycloneDX vs. SPDX
CycloneDX and SPDX are two leading SBOM (Software Bill of Materials) standards, each with distinct strengths and support for various...
What Is SLSA? Understanding Supply Chain Levels for Software Artifacts
In 2020, attackers compromised SolarWinds’ build system and injected malicious code into Orion software updates that were distributed...
What Is in-toto? Securing the Software Supply Chain End to End
When the XZ Utils backdoor was discovered in March 2024, it revealed how a malicious contributor could spend years infiltrating an...
What Is Sigstore? Keyless Signing for the Software Supply Chain
Before Sigstore, signing a software artifact meant generating a GPG or PEM key pair, storing the private key securely, distributing the...
How to Generate SBOMs for Python Packages with `pipdeptree` and `cyclonedx-py`
Software Bill of Materials (SBOMs) are essential for ensuring transparency and security in software supply chains. This guide will show you...
What Is Lock File Drift? A Hidden Risk in Dependency Management
A developer adds a new dependency to package.json, runs the application locally, confirms it works, and pushes the change. But they forget...