https://sbom-insights.dev/posts/ Recent content in Posts on SBOM Insights https://sbom-insights.dev/apple-touch-icon.png https://sbom-insights.dev/apple-touch-icon.png Hugo -- 0.150.0 en-us Thu, 26 Mar 2026 22:17:11 +0530 https://sbom-insights.dev/posts/bsi-tr-03183-v2.0-compliance/ Wed, 25 Mar 2026 10:00:00 +0530 https://sbom-insights.dev/posts/bsi-tr-03183-v2.0-compliance/ Understand BSI TR-03183-2 v2.0, Germany SBOM compliance framework. Learn its required, additional, and optional fields, why they exist, and how to validate your SBOM using sbomqs. https://sbom-insights.dev/posts/bsi-tr-03183-v1.1-compliance/ Mon, 23 Mar 2026 10:00:00 +0530 https://sbom-insights.dev/posts/bsi-tr-03183-v1.1-compliance/ Understand BSI TR-03183-2 v1.1, Germany SBOM compliance framework. Learn its required and additional fields, why they exist, and how to validate your SBOM using sbomqs. https://sbom-insights.dev/posts/fsct/ Mon, 09 Feb 2026 18:38:10 +0530 https://sbom-insights.dev/posts/fsct/ Learn how FSCT (Framing Software Component Transparency) goes beyond NTIA minimum elements to measure SBOM completeness, declaration quality, and trust. https://sbom-insights.dev/posts/ntia-minimum-elements-2021-compliance/ Wed, 28 Jan 2026 22:50:46 +0530 https://sbom-insights.dev/posts/ntia-minimum-elements-2021-compliance/ Understand NTIA minimum elements for SBOM compliance. Learn the required fields, why they matter, and how to check if your SBOM meets the standard. https://sbom-insights.dev/posts/upstream-vs-hardened-image-cves-why-numbers-dont-match/ Thu, 11 Dec 2025 23:10:15 +0530 https://sbom-insights.dev/posts/upstream-vs-hardened-image-cves-why-numbers-dont-match/ Why do CVE counts differ between upstream and hardened container images? Use SBOM deltas to understand what packages changed, not just vulnerability numbers. https://sbom-insights.dev/posts/sbomqs-v1-vs-sbomqs-v2-highlights/ Sat, 29 Nov 2025 14:40:15 +0530 https://sbom-insights.dev/posts/sbomqs-v1-vs-sbomqs-v2-highlights/ Compare sbomqs v1 and v2 scoring models. See what changed in the new release, from separated compliance checks to a cleaner quality scoring approach. https://sbom-insights.dev/posts/sbomqs_scoring_dtrack_sbom/ Tue, 25 Nov 2025 14:40:15 +0530 https://sbom-insights.dev/posts/sbomqs_scoring_dtrack_sbom/ Score SBOM quality directly within Dependency-Track using sbomqs. Ensure your SBOMs are complete and accurate before feeding them to your SBOM platform. https://sbom-insights.dev/posts/why-sboms-are-becoming-essential-for-qa-in-regulated-industries/ Sun, 16 Nov 2025 10:08:14 -0800 https://sbom-insights.dev/posts/why-sboms-are-becoming-essential-for-qa-in-regulated-industries/ A concise guide for QA leads in regulated industries on how SBOMs strengthen software quality, compliance, and risk management across the SDLC. https://sbom-insights.dev/posts/supply-chain-security-voted-a-top-concern-in-2025/ Tue, 11 Nov 2025 19:47:27 -0800 https://sbom-insights.dev/posts/supply-chain-security-voted-a-top-concern-in-2025/ OWASP ranked software supply chain failures as the #3 risk in 2025. Learn why operators must act now with SBOMs, CI/CD hardening, and dependency controls. https://sbom-insights.dev/posts/sbom-generator-recommendations-and-workflows/ Wed, 05 Nov 2025 11:23:58 -0800 https://sbom-insights.dev/posts/sbom-generator-recommendations-and-workflows/ This guide helps you choose the right SBOM (Software Bill of Materials) generator for your project based on your technology stack and requirements https://sbom-insights.dev/posts/how_ownersbox_used_the_interlynk_sbom_platform_to_immediately_thwart_the_shai_hulud_npm_attack/ Mon, 27 Oct 2025 00:00:00 +0000 https://sbom-insights.dev/posts/how_ownersbox_used_the_interlynk_sbom_platform_to_immediately_thwart_the_shai_hulud_npm_attack/ How OwnersBox used the Interlynk SBOM platform to detect and mitigate the Shai-Hulud npm supply chain attack within hours of its discovery in September 2025. https://sbom-insights.dev/posts/interlynk-feedback-2025-cisa-minimum-element-for-sbom/ Mon, 29 Sep 2025 10:24:57 -0700 https://sbom-insights.dev/posts/interlynk-feedback-2025-cisa-minimum-element-for-sbom/ Interlynk's formal response to CISA's request for public comments on the 2025 Minimum Elements for a Software Bill of Materials (SBOM) https://sbom-insights.dev/posts/sbomqs-sbom-policies-turning-transparency-into-action/ Tue, 23 Sep 2025 17:36:55 +0530 https://sbom-insights.dev/posts/sbomqs-sbom-policies-turning-transparency-into-action/ Turn SBOM transparency into action with sbomqs policies. Define rules for licenses, vulnerabilities, and suppliers to automate supply chain risk decisions. https://sbom-insights.dev/posts/sbomasm-enriches-licenses-using-clearlydefined-datasets/ Tue, 23 Sep 2025 17:12:44 +0530 https://sbom-insights.dev/posts/sbomasm-enriches-licenses-using-clearlydefined-datasets/ Enrich SBOM license data automatically using sbomasm and ClearlyDefined datasets. Fill NOASSERTION gaps and boost SBOM quality at scale. https://sbom-insights.dev/posts/lean-clean-and-compliance-ready-sbomasm-new-removal-capabilities/ Tue, 23 Sep 2025 17:01:06 +0530 https://sbom-insights.dev/posts/lean-clean-and-compliance-ready-sbomasm-new-removal-capabilities/ Remove unwanted fields, components, and sensitive data from SBOMs using sbomasm. Keep your SBOM lean, private, and compliance-ready in SPDX or CycloneDX. https://sbom-insights.dev/posts/sbomqs-scoring-support-for-bsi-1.1-and-bsi-2.0-in-a-summarized-way/ Tue, 23 Sep 2025 16:49:26 +0530 https://sbom-insights.dev/posts/sbomqs-scoring-support-for-bsi-1.1-and-bsi-2.0-in-a-summarized-way/ sbomqs now supports BSI TR-03183 v1.1 and v2.0 compliance scoring alongside NTIA. Get a summarized SBOM quality scorecard across multiple frameworks. https://sbom-insights.dev/posts/monitoring-external-github-repos-for-sboms/ Tue, 23 Sep 2025 16:39:52 +0530 https://sbom-insights.dev/posts/monitoring-external-github-repos-for-sboms/ Monitor external GitHub repos for new SBOM releases with sbommv daemon mode. Automatically fetch and forward SBOMs from open-source dependencies. https://sbom-insights.dev/posts/modular-sbom-automation-now-with-aws-s3-support/ Tue, 23 Sep 2025 15:30:57 +0530 https://sbom-insights.dev/posts/modular-sbom-automation-now-with-aws-s3-support/ sbommv now supports AWS S3 as both input and output for SBOM automation. Fetch, store, and move SBOMs between S3 buckets and security platforms seamlessly. https://sbom-insights.dev/posts/whats-missing-in-your-sbom-sbomqs-list-can-help/ Tue, 23 Sep 2025 15:19:04 +0530 https://sbom-insights.dev/posts/whats-missing-in-your-sbom-sbomqs-list-can-help/ Use sbomqs list to inspect your SBOM against NTIA, BSI, and other compliance frameworks. Find exactly what fields are missing and fix them before sharing. https://sbom-insights.dev/posts/folder-monitoring-sbom-automation-that-never-sleeps/ Tue, 23 Sep 2025 14:40:15 +0530 https://sbom-insights.dev/posts/folder-monitoring-sbom-automation-that-never-sleeps/ Automate SBOM workflows with sbommv folder monitoring. Detect, validate, and ship SBOMs to platforms like Dependency-Track in real time using daemon mode. https://sbom-insights.dev/posts/github-releases-are-where-sboms-goto-die/ Tue, 23 Sep 2025 14:09:20 +0530 https://sbom-insights.dev/posts/github-releases-are-where-sboms-goto-die/ SBOMs stuck in GitHub Releases slow down security teams. See how sbommv automates SBOM transfers to platforms like Dependency-Track seamlessly. https://sbom-insights.dev/posts/what-is-sbom-why-required/ Mon, 01 Sep 2025 00:00:00 +0000 https://sbom-insights.dev/posts/what-is-sbom-why-required/ Understanding Software Bill of Materials (SBOM): What it is, why it is essential for modern software development, and how it enhances security and compliance