Monitoring

GitHub Release Monitoring: SBOM Automation for External Repos 🚀 If you’ve been following our sbommv blog series, welcome to the fourth one—each post tackling a new challenge around SBOM automation. Here’s a quick recap of what we’ve covered so far: GitHub Release Transfers: How to fetch SBOMs from GitHub release pages and move them to systems like folders, Dependency-Track, Interlynk, or AWS S3. Folder Monitoring: Running sbommv in daemon mode to continuously watch a local folder and upload new SBOMs as they appear. AWS S3 Integration: Adding S3 as both an input and output adapter, enabling SBOM flows to and from S3 buckets. In short, sbommv is a tool built for automation—designed to seamlessly move SBOMs across systems, with support for format conversion, metadata enrichment, and monitoring workflows like folders. ...

Introduction In our previous post(GitHub Releases are where SBOM’s goto die), we tackled a growing pain in modern software security: SBOMs stuck in GitHub Releases. We showed how sbommv streamlines the manual mess—automating the movement of SBOMs from GitHub or local folders directly into SBOM platforms like Dependency-Track, Interlynk(next blog will show demo on this). We covered: 🔄 Pulling SBOMs straight from GitHub via API or releases 🧳 Uploading pre-existing SBOMs from local folders 🔍 Using dry-run mode to validate before uploading And transferring those fetched SBOMs to dependency-track platform smoothly and seamlessly. That was the start. But it still required you to trigger the command each time, especially when input adapter or input system(source of SBOMs) is folder. ...