Mister Pin (misterp.hashnode.dev)

Sep 5, 2025 · 8 min read
SBOM-Fridays: V. Post Processing: Dealing with Engine Output - Signing, Serializing, Compressing & Encrypting.
Hi, and welcome back to part 5 of this series on SBOMs. This will be the last technical part before we start exploring the visual business value a Software-Bill-of-Materials can provide to an organization in installment 6. The goal of this part is to...

Sep 5, 2025 · 7 min read
SBOM-Fridays: IV. Closed Circuit Setup: Vulnerability Scanner, Background Processor for SBOM Generation and Blocking Release Test
An SBOM generated at runtime can already have significant added value over SBOMs generated at build or compile time. But to truly beef up your security processes, here are some neat complementary building blocks to create a sturdy trident of vulnerab...

Sep 4, 2025 · 30 min read
SBOM-Fridays: III. The Engine, the Trade-offs & the Generating of the Artifact
Welcome back to SBOM-Fridays! In the previous part, we set up our basic tooling for the engine to be a black box, processing and distilling information into a legally compliant artifact. We put our source files on the production server so that we can...

Sep 4, 2025 · 12 min read
SBOM-Fridays: II. File Aggregation and Gathering Dependency Data from Multi-Stack Repos
Welcome back to SBOM-Fridays! Where the first part of this series provided context and theoretical paradigms regarding SBOMs, this part will be laying out the philosophical approach and technical implementations on how an SBOM is constructed in more ...

Aug 15, 2025 · 7 min read
SBOM-Fridays: I. Introduction to and relevance of SBOMS
In the context of ever increasing software supply chain security needs, the SBOM is gaining traction as a standardized means to find, map and assess dependencies & vulnerabilities of a given software solution. But what is an SBOM? What does it look l...