3d ago · 3 min read · The Log4Shell vulnerability sent shockwaves through the tech world, exposing critical weaknesses in our software supply chains. But was it just a harbinger of what's to come, and are we truly prepared
Join discussion
Feb 22 · 22 min read · The XZ Utils backdoor (CVE-2024-3094) nearly became the most devastating supply chain attack in history; a patient, three-year social engineering campaign that embedded a remote code execution backdoo
Join discussion
Feb 14 · 6 min read · In today's world, containers are the backbone of many software deployments. Docker, the leading containerization platform, allows us to package applications and their dependencies into portable, isolated units. However, simply creating a Docker image...
Join discussion
Sep 5, 2025 · 8 min read · Hi, and welcome back to part 5 of this series on SBOMs. This will be the last technical part before we start exploring the visual business value a Software-Bill-of-Materials can provide to an organization in installment 6. The goal of this part is to...
Join discussionSep 5, 2025 · 7 min read · An SBOM generated at runtime can already have significant added value over SBOMs generated at build or compile time. But to truly beef up your security-processes, here are some neat complementary building blocks to create a sturdy trident of vulnerab...
Join discussionSep 4, 2025 · 12 min read · Welcome back to SBOM-Fridays! Where the first part of this series provided context and theoretical paradigms regarding SBOMs, this part will be laying out the philosophical approach and technical implementations on how an SBOM is constructed in more ...
Join discussionSep 4, 2025 · 30 min read · Welcome back to SBOM-Fridays! In the previous part, we set up our basic tooling for the engine to be a black box, processing and distilling information into a legally compliant artifact. We put our source files on the production server so that we can...
Join discussionAug 30, 2025 · 5 min read · Summary — I hardened a tiny Node.js repo using only free tooling: PR gates (branch protection, Dependency Review, secrets scanning), repo posture checks (OpenSSF Scorecard), SBOM + vulnerability gating (Syft → CycloneDX + Grype), and verifiable build...
Join discussion
Aug 15, 2025 · 7 min read · In the context of ever increasing software supply chain security needs, the SBOM is gaining traction as a standardized means to find, map and assess dependencies & vulnerabilities of a given software solution. But what is an SBOM? What does it look l...
Join discussionAug 3, 2025 · 17 min read · This time, I would like to delve into a discussion about Harbor, which is a particular container registry within the Cloud Native Computing Foundation (CNCF) landscape. Harbor is an open-source tool that plays a crucial role in managing and securing ...
Join discussion
