Tag feed

#sbom

20 posts4 followers

Explore Hashnode

Alternatives

Trending tags this week

DWDaniel Westgaardriftmap.hashnode.devJun 2 · 16 min read

The CRA's 24-hour clock is a cross-repo question. Your SBOM answers a different one.

It is a Tuesday in late September 2026. A maintainer publishes a fix for an actively exploited vulnerability in a base image your platform team maintains: company/base-runtime. Somewhere in a Slack ch

0

MBMatthias Brunsblog.matthiasbruns.comMay 1 · 7 min read

Software Bills of Delivery: Beyond SBOMs with Component Models

Traditional Software Bills of Materials (SBOMs) have served as the foundation for software supply chain transparency, but they're showing their limitations in today's complex, distributed environments. While SBOMs catalog components and dependencies,...

0

MBMatthias Brunsblog.matthiasbruns.comApr 28 · 8 min read

Open Component Model in Production: Building Software Bills of Delivery for Cloud-Native Supply Chains

The software supply chain has become a critical attack vector, with incidents like SolarWinds and Log4Shell exposing how vulnerable our interconnected systems really are. Traditional Software Bills of Materials (SBOMs) tell us what components exist, ...

0

SDSylvester Dasblog.minifyn.comMar 31 · 3 min read

Beyond Log4Shell: Fortifying Your Defenses Against the Next Cyber Crisis

The Log4Shell vulnerability sent shockwaves through the tech world, exposing critical weaknesses in our software supply chains. But was it just a harbinger of what's to come, and are we truly prepared

0

SMSubhanshu Mohan Guptablogs.subhanshumg.comFeb 22 · 22 min read

The $4.45M Mistake: How a Missing SBOM Requirement Let the XZ Utils Backdoor Slip Past Millions of Servers

The XZ Utils backdoor (CVE-2024-3094) nearly became the most devastating supply chain attack in history; a patient, three-year social engineering campaign that embedded a remote code execution backdoo

0

SDSylvester Dasblog.minifyn.comFeb 14 · 6 min read

Hardening Your Docker Images: From Zero to Secure with Open Source Tools

In today's world, containers are the backbone of many software deployments. Docker, the leading containerization platform, allows us to package applications and their dependencies into portable, isolated units. However, simply creating a Docker image...

0

MPMister Pmisterp.hashnode.devSep 5, 2025 · 8 min read

SBOM-Fridays: V. Post Processing: Dealing with Engine Output - Signing, Serializing, Compressing & Encrypting.

Hi, and welcome back to part 5 of this series on SBOMs. This will be the last technical part before we start exploring the visual business value a Software-Bill-of-Materials can provide to an organization in installment 6. The goal of this part is to...

0

MPMister Pmisterp.hashnode.devSep 5, 2025 · 7 min read

SBOM-Fridays: IV. Closed Circuit Setup: Vulnerability Scanner, Background Processor for SBOM Generation and Blocking Release Test

An SBOM generated at runtime can already have significant added value over SBOMs generated at build or compile time. But to truly beef up your security-processes, here are some neat complementary building blocks to create a sturdy trident of vulnerab...

0

MPMister Pmisterp.hashnode.devSep 4, 2025 · 12 min read

SBOM-Fridays: II. File Aggregation and Gathering Dependency Data from Multi-Stack Repos

Welcome back to SBOM-Fridays! Where the first part of this series provided context and theoretical paradigms regarding SBOMs, this part will be laying out the philosophical approach and technical implementations on how an SBOM is constructed in more ...

0

MPMister Pmisterp.hashnode.devSep 4, 2025 · 30 min read

SBOM-Fridays: III. The Engine, the Trade-offs & the Generating of the Artifact

Welcome back to SBOM-Fridays! In the previous part, we set up our basic tooling for the engine to be a black box, processing and distilling information into a legally compliant artifact. We put our source files on the production server so that we can...

0

#sbom

Search Hashnode

#sbom

Explore Hashnode

Trending tags this week

The CRA's 24-hour clock is a cross-repo question. Your SBOM answers a different one.

Software Bills of Delivery: Beyond SBOMs with Component Models

Open Component Model in Production: Building Software Bills of Delivery for Cloud-Native Supply Chains

Beyond Log4Shell: Fortifying Your Defenses Against the Next Cyber Crisis

The $4.45M Mistake: How a Missing SBOM Requirement Let the XZ Utils Backdoor Slip Past Millions of Servers

Hardening Your Docker Images: From Zero to Secure with Open Source Tools

SBOM-Fridays: V. Post Processing: Dealing with Engine Output - Signing, Serializing, Compressing & Encrypting.

SBOM-Fridays: IV. Closed Circuit Setup: Vulnerability Scanner, Background Processor for SBOM Generation and Blocking Release Test

SBOM-Fridays: II. File Aggregation and Gathering Dependency Data from Multi-Stack Repos

SBOM-Fridays: III. The Engine, the Trade-offs & the Generating of the Artifact