An Intellyx Brain Candy Update When we last spoke to ReversingLabs in June 2024, the company had just launched its Spectra Assure software supply chain security product suite and the associated Spectra Assure Community. More recently, the company has rolled out its extended bill of materials (xBOM) offering which extends the software bill of materials […]| Intellyx – The Digital Transformation Experts – Analysts
An Intellyx Brain Candy Brief Minimus provides minimized container images for many popular applications and cloud native infrastructure components, thus reducing potential vulnerabilities as well as shrinking the footprint and speeding up performance of each application. Minimus applies the latest patches and security updates to each container image and offers a daily update service that […]| Intellyx – The Digital Transformation Experts – Analysts
By Ben Cotton and Dejan Bosanac The superpower of open source is multiple people working together on a common goal. That works for projects, too. GUAC and Trustify are two...| Open Source Security Foundation
Driven by cyberattacks and new regulations, software supply chain security is a top concern that requires robust software identification. The post Why we need better software identification appeared first on Software Heritage.| Software Heritage
The post Shift Right Security for EKS appeared first on Anchore.| Anchore
Welcome to the final installment in our 5-part series on Software Bills of Materials (SBOMs). Throughout this series, we’ve explored Now, we’ll examine how SBOMs intersect with various disciplines across the software ecosystem. SBOMs don’t exist in isolation—they’re part of a broader landscape of software development, security, and compliance practices. Understanding these intersections is crucial […] The post SBOMs as the Crossroad of the Software Supply Chain: Anchore Learning...| Anchore
Welcome to the fourth installment in our 5-part series on software bill of materials (SBOMs). In our previous posts, we’ve covered SBOM fundamentals, SBOM generation and scalable SBOM management. Now, we shift our focus to the bigger picture, exploring strategic perspectives from software supply chain thought leaders. After you’ve finished day four, dive into day […] The post SBOM Insights on LLMs, Compliance Attestations and Security Mental Models: Anchore Learning Week (Day 4) appeared...| Anchore
Welcome to the third installment in our 5-part series on software bill of materials (SBOMs)—check here for day 1 and day 2. Now, we’re leveling up to tackle one of the most significant challenges organizations face: scaling SBOM management to keep pace with the velocity of modern, DevOps-based software development. After you’ve digested this part, […] The post DevOps-Scale SBOM Management: Anchore Learning Week (Day 3) appeared first on Anchore.| Anchore
Welcome to day 2 of our 5-part series on Software Bills of Materials (SBOMs). In our previous post, we covered the basics of SBOMs and why they’re essential for modern software security. Now, we’re ready to roll up our sleeves and get technical. After you’ve digested this part, jump into day three, “DevOps-Scale SBOM Management“, […] The post SBOM Generation Step-by-Step: Anchore Learning Week (Day 2) appeared first on Anchore.| Anchore
This blog post is the first in our 5-day series exploring the world of SBOMs and their role in securing the foundational but often overlooked 3rd-party software supply chain. Whether you’re just beginning your SBOM journey or looking to refresh your foundational knowledge, these resources will provide a solid understanding of what SBOMs are and […] The post SBOM Fundamentals: Anchore Learning Week (Day 1) appeared first on Anchore.| Anchore
Your software contains 150+ dependencies you didn’t write, don’t maintain, and can’t fully audit—yet you’re accountable for every vulnerability they introduce. Organizations implementing comprehensive SBOM strategies detect supply chain compromises in minutes instead of days—or worse after a breach. Anchore has been leading the SBOM charge for almost a decade: providing educational resources, tools and […] The post Anchore’s SBOM Learning Week: From Reactive to Resilient in 5 ...| Anchore
When CVE-2025-1974 (#IngressNightmare) was disclosed, incident response teams had hours—at most—before exploits appeared in the wild. Imagine two companies responding: Which camp would you rather be in when the next critical CVE drops? Most of us prefer the team that built visibility for their software supply chain security before the crisis hit. CVE-2025-1974 was particularly […] The post From War Room to Workflow: How Anchore Transforms CVE Incident Response appeared first on Anchore.| Anchore
About one year ago, Anchore’s own Josh Bressers broke the story that NVD (National Vulnerability Database) was not keeping up with its vulnerability enrichment. This week, we sat down with Josh to see how things are going. > Josh, can you tell our readers what you mean when you say NVD stopped enriching data? Sure! […] The post The NVD Enrichment Crisis: One Year Later—How Anchore is Filling the Vulnerability Data Gap appeared first on Anchore.| Anchore
In an era where a single line of compromised code can bring entire enterprise systems to their knees, software supply chain security has transformed from an afterthought to a mission-critical priority. The urgency is undeniable: while software supply chain attacks grew by a staggering 540% year-over-year from 2019 to 2022, organizations have rapidly responded. Organizations […] The post Automate Your Compliance: How Anchore Enforce Secures the Software Supply Chain appeared first on Anchore.| Anchore
Is your organization’s PCI compliance coming up for renewal in 2025? Or are you looking to achieve PCI compliance for the first time? Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) became mandatory on March 31, 2025. For enterprises utilizing a 3rd-party software supply chain—essentially all companies, according to The […] The post The Critical Role of SBOMs in PCI DSS 4.0 Compliance appeared first on Anchore.| Anchore
If you’re a developer, this vignette may strike a chord: You’re deep in the flow, making great progress on your latest feature, when someone from the security team sends you an urgent message. A vulnerability has been discovered in one of your dependencies and has failed a compliance review. Suddenly, your day is derailed as […] The post The Developer’s Guide to SBOMs & Policy-as-Code appeared first on Anchore.| Anchore
Two cybersecurity buzzwords are rapidly shaping how organizations manage risk and streamline operations: Continuous Monitoring (ConMon) and Software Bill of Materials (SBOMs). ConMon, rooted in the traditional security principle—“trust but verify”—has evolved into an iterative process where organizations measure, analyze, design, and implement improvements based on real-time data. Meanwhile, SBOMs offer a snapshot of an […] The post Software Supply Chain Transparency: Why SBOMs Are ...| Anchore
Security professionals often need to analyze the contents of virtual machines (VMs) to generate Software Bills of Materials (SBOMs). This seemingly straightforward task can become surprisingly complex. I’d like to introduce sbom-vm, a prototype tool I created to simplify this process. The Current Challenge Security teams typically use tools such as Syft to generate SBOMs […] The post Making Virtual Machine Security Analysis Easier with sbom-vm appeared first on Anchore.| Anchore
As software supply chain security becomes a top priority, organizations are turning to Software Bill of Materials (SBOM) generation and analysis to gain visibility into the composition of their software and supply chain dependencies in order to reduce risk. However, integrating SBOM analysis tools into existing workflows can be complex, requiring extensive configuration and technical […] The post Effortless SBOM Analysis: How Anchore Enterprise Simplifies Integration appeared first on Anchore.| Anchore
At Anchore, we frequently discuss the steady drum beat of regulatory bodies mandating SBOMs (Software Bills of Materials) as the central element of modern software supply chain security. The Digital Operational Resilience Act (DORA) is the most recent framework responding to the accelerating growth of software supply chain attacks—by requiring, in all but name, the […] The post DORA + SBOM Primer: Achieving Software Supply Chain Security in Regulated Industries appeared first on Anchore.| Anchore
A few weeks ago, the Biden administration published a new Executive Order (EO) titled “Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity”. This is a follow-up to the original cybersecurity executive order—EO 14028—from May 2021. This latest EO specifically targets improvements to software supply chain security that addresses gaps and challenges that […] The post 2025 Cybersecurity Executive Order Requires Up Leveled Software Supply Chain Secur...| Anchore
In recent years, we’ve witnessed software supply chain security transition from a quiet corner of cybersecurity into a primary battlefield. This is due to the increasing complexity of modern software that obscures the full truth—applications are a tower of components of unknown origin. Cybercriminals have fully embraced this hidden complexity as a ripe vector to […] The post Software Supply Chain Security in 2025: SBOMs Take Center Stage appeared first on Anchore.| Anchore
Software Bills of Materials (SBOMs) have quickly become a critical component in modern software supply chain security. By offering a transparent view of all the components that make up your applications, SBOMs enable you to pinpoint vulnerabilities before they escalate into costly incidents. As we enter 2025, software supply chain security and risk management for […] The post All Things SBOM in 2025: a Weekly Webinar Series appeared first on Anchore.| Anchore
When we were invited to participate in Carnegie Mellon University’s Software Engineering Institute (SEI) SBOM Harmonization Plugfest 2024, we saw an opportunity to contribute to SBOM generation standardization efforts and thoroughly exercise our open-source SBOM generator, Syft. While the Plugfest only required two SBOM submissions, we decided to go all in – and learned some […] The post Going All In: Anchore at SBOM Plugfest 2024 appeared first on Anchore.| Anchore
This blog post has been archived and replaced by the supporting pillar page that can be found here: https://anchore.com/wp-admin/post.php?post=987474667&action=edit The blog post is meant to remain “public” so that it will continue to show on the /blog feed. This will help discoverability for people browsing the blog and potentially help SEO. If it is clicked […] The post Automating SBOMs: From Creation to Scanning & Analysis appeared first on Anchore.| Anchore
Container security is critical – one breach can lead to devastating data losses and business disruption. NVIDIA’s new AI Blueprint for Vulnerability Analysis transforms how organizations handle these risks by automating vulnerability detection and analysis. For enhanced container security, this AI-powered solution is a potential game-changer. At its core, the Blueprint combines AI-driven scanning with […] The post Enhancing Container Security with NVIDIA’s AI Blueprint and Anchore’s...| Anchore
After thinking about multi-stage Debian rebuilds I wanted to implement the idea. Recall my illustration: Earlier I rebuilt all packages that make up the difference between Ubuntu and Trisquel. It turned out to be a 42% bit-by-bit identical similarity. To Continue reading Building Debian in a GitLab Pipeline →| Simon Josefsson's blog
© 2025 Peter N. M. Hansteen The system you develop and maintain does not exist in isolation. Providing SBOMs for our work is o...| bsdly.blogspot.com
This is Sasaki from SIOS Technology. This time I have compiled SBOM tools into a table from various perspectives. (Investigated by visual inspection| SIOS Tech.Lab
Hello. The other day we held an internal study session on SBOMs. In this article I would like to explain what we learned there: the benefits of SBOMs and the points to watch out for when adopting them. I think it will be especially useful for those who are interested in SBOMs but don’t know concretely what to do. It is a bit long, but I would be glad if you read it through to the end.| SIOS Tech.Lab
The EU Cyber Resilience Act (CRA) is one step from official adoption. Supply chain security, SBOMs and vulnerability management are priorities.| blog.adolus.com
aDolus participated in the S4x23 SBOM Challenge run by Idaho National Labs (INL) to share SBOM capabilities with attendees. This is part 1 of a series.| blog.adolus.com
aDolus participated in the S4x23 SBOM Challenge run by Idaho National Labs (INL) to share SBOM capabilities with attendees. This is part 3 of a series.| blog.adolus.com
aDolus participated in the S4x23 SBOM Challenge run by Idaho National Labs (INL) to share SBOM capabilities with attendees. This is part 2 of a series.| blog.adolus.com