The sbomify Blog

Content for software, product, and digital security experts

GitHub Action module with Attestation

Over the last few weeks, we’ve made some significant updates to our GitHub Actions module. Since our last update, we’ve added a...

Viktor Petersson Oct 31. 2024
Read more →

Big update to our GitHub Action

In the last few weeks, we’ve worked hard on overhauling the sbomify GitHub Action based on customer feedback. The initial purpose of...

Viktor Petersson Oct 4. 2024
Read more →

How to generate an SBOM from a Docker container

A lot of people are asking about how one can generate an SBOM based on a Docker container. It seems to be a good idea, since a lot of modern...

Viktor Petersson Sep 20. 2024
Read more →

Introducing sbomify: Revolutionizing SBOM Management

We’re excited to announce the launch of sbomify, a platform designed to transform how businesses manage and share Software Bill of Materials...

Viktor Petersson Aug 29. 2024
Read more →

Exploring the Future of Software Security: Join Us at BSides Bristol

This weekend marks an exciting event for the cybersecurity community – BSides Bristol is officially kicking off! We’re thrilled to be a part...

Viktor Petersson Aug 26. 2024
Read more →

Announcing sbomify's GitHub Actions Module: Seamlessly Share SBOMs in Your CI/CD Pipeline

We are thrilled to announce the launch of sbomify’s GitHub Actions Module – now available in the GitHub Marketplace! This powerful...

Viktor Petersson Aug 21. 2024
Read more →

Comparing SBOM Formats: Focus on Component Types in CycloneDX vs. SPDX

CycloneDX and SPDX are two leading SBOM (Software Bill of Materials) standards, each with distinct strengths and support for various...

Cowboy Neil Aug 20. 2024
Read more →

What Is SLSA? Understanding Supply Chain Levels for Software Artifacts

In 2020, attackers compromised SolarWinds’ build system and injected malicious code into Orion software updates that were distributed...

Cowboy Neil Aug 17. 2024
Read more →

What Is in-toto? Securing the Software Supply Chain End to End

When the XZ Utils backdoor was discovered in March 2024, it revealed how a malicious contributor could spend years infiltrating an...

Cowboy Neil Aug 14. 2024
Read more →

What Is Sigstore? Keyless Signing for the Software Supply Chain

Before Sigstore, signing a software artifact meant generating a GPG or PEM key pair, storing the private key securely, distributing the...

Cowboy Neil Aug 12. 2024
Read more →

How to Generate SBOMs for Python Packages with `pipdeptree` and `cyclonedx-py`

Software Bill of Materials (SBOMs) are essential for ensuring transparency and security in software supply chains. This guide will show you...

Viktor Petersson Jul 30. 2024
Read more →

What Is Lock File Drift? A Hidden Risk in Dependency Management

A developer adds a new dependency to package.json, runs the application locally, confirms it works, and pushes the change. But they forget...

Cowboy Neil Jul 30. 2024
Read more →