Overview and Introduction Welcome to the fourth article in the “Care and Feeding of SBOMs” series! We started by exploring the strategic importance of SBOMs in “SBOM Adoption at Scale: Burden or Opportunity?”, then delved into practical generation techniques in “How to Build SBOMs at Scale” and tackled the complexities of intake in “How to…
SBOM Adoption Guide: Part 3 – How to Ingest and Manage SBOMs at Scale
Overview and Introduction Welcome to the third installment of the “Care and Feeding of SBOMs” series! Our first article, SBOM Adoption at Scale: Burden or Opportunity?, outlined the strategic importance of Software Bills of Materials (SBOMs). The second, How to Build SBOMs at Scale, dove into the practicalities of generating accurate SBOMs for your organization’s…
SBOM Adoption Guide: Part 2 – How to Build SBOMs at Scale
Summary and Background This is the second installment in the Care and Feeding of SBOMs series. The inaugural article, SBOM Adoption at Scale: Burden or Opportunity?, introduced the role and impact that Software Bill of Materials (SBOMs) play across development, enterprise, and regulatory application stakeholders. For a more literal SBOM definition, check out SBOM 101:…
SBOM Adoption Guide: Part 1 – Burden or Opportunity?
Hello World Welcome to the “SBOM Adoption” series – a practical guide designed to navigate the evolving landscape of Software Bill of Materials (SBOM) adoption. As software supply chains grow more complex and interconnected, understanding what’s inside our software is no longer optional; it’s essential for security, compliance, and trust. Fundamentally, an SBOM provides a…
DevSecOps Roadmap Part 4: Link SBOMs with External References
This is the fourth and final post in our series on managing SBOMs at scale, where we’ll dive into the intricacies of creating, managing, and ingesting complex dependent SBOMs. If you haven’t read it yet, check out our first three posts “DevSecOps Roadmap: Do I Really Need SBOMs?”, “DevSecOps Roadmap: Generating SBOMs”, and “DevSecOps Roadmap:…
DevSecOps Roadmap Part 3: Ingest, Manage, and Monitor SBOMs
This is the third post in our series on managing SBOMs at scale, where we’ll dive into how to ingest, manage and monitor SBOMs that you receive. If you haven’t read them yet, check out our first two posts “DevSecOps Roadmap: Do I Really Need SBOMs?” and “DevSecOps Roadmap: Generating SBOMs”. In previous posts we…
DevSecOps Roadmap Part 2 – Generating SBOMs
This is the second post in our series on managing SBOMs at scale, where we’ll dive into defining goals around SBOM generation in order to determine which type of SBOM to generate, when and how to generate and where you might store SBOMs. If you haven’t read it yet, check out our first post “DevSecOps…
DevSecOps Roadmap Part 1 – Do I Really Need SBOMs?
This is the first in our series on SBOMs, where we’ll dive into: Much of this series will focus on high level processes and ideal practices, and less so on the actual implementation details, so if you’re looking for those check out the last post in the series here. If you need a refresher on…
Advanced Governance in SCA
Governance in Software Composition Analysis Governance in SCA solutions is an often overlooked yet extremely powerful feature set that can significantly improve a company’s supply chain security and legal compliance. Governance, or governance policies, is the ability to create rules that restrict open source packages based on certain criteria. The result of running these…