Supply Chain

Hey SBOM enthusiasts 👋 An SBOM isn’t just a list of components anymore — it has detailed information of your software, which contains hundreds of components. And that’s what gives you the transparency of each and every component: such as, who authored it, who supplies it, under what license it’s released, and even what known vulnerabilities it carries. In other words, it’s not just an inventory — it’s visibility into the very DNA of your software. ...

GitHub Release Monitoring: SBOM Automation for External Repos 🚀 If you’ve been following our sbommv blog series, welcome to the fourth one—each post tackling a new challenge around SBOM automation. Here’s a quick recap of what we’ve covered so far: GitHub Release Transfers: How to fetch SBOMs from GitHub release pages and move them to systems like folders, Dependency-Track, Interlynk, or AWS S3. Folder Monitoring: Running sbommv in daemon mode to continuously watch a local folder and upload new SBOMs as they appear. AWS S3 Integration: Adding S3 as both an input and output adapter, enabling SBOM flows to and from S3 buckets. In short, sbommv is a tool built for automation—designed to seamlessly move SBOMs across systems, with support for format conversion, metadata enrichment, and monitoring workflows like folders. ...

Hey there 👋, SBOM enthusiasts ! Since the 2021 Cyber security Executive Order by Joe Biden. SBOMs (Software Bill of Materials) have become essential for software security and compliance. With countries like the EU, US, Germany, and India introducing their own SBOM regulations, it’s clear: SBOMs aren’t optional anymore—they’re the new standard. To meet this demand, tools for SBOM generation, signing, quality analysis, enrichment, and integration into security platforms have rapidly evolved, largely driven by the open-source community. ...

Introduction In today’s interconnected software ecosystem, applications are rarely built from scratch. Modern software is assembled from hundreds or even thousands of components - open source libraries, proprietary modules, and third-party services. This complexity creates a critical challenge: how do we know what’s actually inside our software? Enter the Software Bill of Materials (SBOM) - a comprehensive inventory that provides transparency into software components and their relationships. What is an SBOM? A Software Bill of Materials (SBOM) is a formal, machine-readable inventory of all components, libraries, and modules that make up a software application. Think of it as a detailed ingredient list for software - just as food products list their ingredients and nutritional information, an SBOM lists all the software components and their dependencies. ...