Experimental News Clipping Site

Tag: software supply chain

  • Anchore: Unlocking the Power of SBOMs: A Complete Guide

    by

    Kurt Seifried
    in

    Source URL: https://anchore.com/blog/unlocking-the-power-of-sboms-a-complete-guide/ Source: Anchore Title: Unlocking the Power of SBOMs: A Complete Guide Feedly Summary: Software Bill of Materials (SBOMs) are no longer optional—they’re mission-critical. That’s why we’re excited to announce the release of our new white paper, “Unlock Enterprise Value with SBOMs: Use-Cases for the Entire Organization.” This comprehensive guide is designed for…

  • Anchore: Generating Python SBOMs: Using pipdeptree and Syft

    by

    Kurt Seifried
    in

    Source URL: https://anchore.com/blog/python-sbom-generation/ Source: Anchore Title: Generating Python SBOMs: Using pipdeptree and Syft Feedly Summary: SBOM (software bill of materials) generation is becoming increasingly important for software supply chain security and compliance. Several approaches exist for generating SBOMs for Python projects, each with its own strengths. In this post, we’ll explore two popular methods: using…

  • Anchore: How to Unlock Enterprise Value with SBOMs

    by

    Kurt Seifried
    in

    Source URL: https://anchore.com/white-papers/how-to-unlock-enterprise-value-with-sboms/ Source: Anchore Title: How to Unlock Enterprise Value with SBOMs Feedly Summary: Use cases for Security, Engineering, Compliance, Legal and Sales The post How to Unlock Enterprise Value with SBOMs appeared first on Anchore. AI Summary and Description: Yes Summary: The text emphasizes the importance of Software Bill of Materials (SBOMs) in…

  • Anchore: Effortless SBOM Analysis: How Anchore Enterprise Simplifies Integration

    by

    Kurt Seifried
    in

    Source URL: https://anchore.com/blog/effortless-sbom-analysis-how-anchore-enterprise-simplifies-integration/ Source: Anchore Title: Effortless SBOM Analysis: How Anchore Enterprise Simplifies Integration Feedly Summary: As software supply chain security becomes a top priority, organizations are turning to Software Bill of Materials (SBOM) generation and analysis to gain visibility into the composition of their software and supply chain dependencies in order to reduce risk.…

  • Anchore: Syft 1.20: Faster Scans, Smarter License Detection, and Enhanced Bitnami Support

    by

    Kurt Seifried
    in

    Source URL: https://anchore.com/blog/syft-1-20-faster-scans-smarter-license-detection-and-enhanced-bitnami-support/ Source: Anchore Title: Syft 1.20: Faster Scans, Smarter License Detection, and Enhanced Bitnami Support Feedly Summary: We’re excited to announce Syft v1.20.0! If you’re new to the community, Syft is Anchore’s open source software composition analysis (SCA) and SBOM generation tool that provides foundational support for software supply chain security for modern…

  • Anchore: SBOM 101: A Guide for Developers, Security Engineers & the DevSecOps Community

    by

    Kurt Seifried
    in

    Source URL: https://anchore.com/white-papers/sbom-101-a-guide-for-developers-security-engineers-the-devsecops-community/ Source: Anchore Title: SBOM 101: A Guide for Developers, Security Engineers & the DevSecOps Community Feedly Summary: Understand, Implement & Leverage SBOMs for Stronger Security & Risk Management. The post SBOM 101: A Guide for Developers, Security Engineers & the DevSecOps Community appeared first on Anchore. AI Summary and Description: Yes Summary:…

  • Anchore: Trust in the Supply Chain: CycloneDX Attestations & SBOMs

    by

    Kurt Seifried
    in

    Source URL: https://anchore.com/events/trust-in-the-supply-chain-cyclonedx-attestations-sboms/ Source: Anchore Title: Trust in the Supply Chain: CycloneDX Attestations & SBOMs Feedly Summary: The post Trust in the Supply Chain: CycloneDX Attestations & SBOMs appeared first on Anchore. AI Summary and Description: Yes Summary: This text relates to software security, specifically focusing on Software Bill of Materials (SBOM) and CycloneDX’s innovations.…

  • Hacker News: Dangerous dependencies in third-party software – the underestimated risk

    by

    Kurt Seifried
    in

    Source URL: https://linux-howto.org/article/dangerous-dependencies-in-third-party-software-the-underestimated-risk Source: Hacker News Title: Dangerous dependencies in third-party software – the underestimated risk Feedly Summary: Comments AI Summary and Description: Yes **Short Summary with Insight:** The provided text offers an extensive exploration of the vulnerabilities associated with software dependencies, particularly emphasizing the risks posed by third-party libraries in the rapidly evolving landscape…

  • Hacker News: Delivering Malware Through Abandoned Amazon S3 Buckets

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/02/delivering-malware-through-abandoned-amazon-s3-buckets.html Source: Hacker News Title: Delivering Malware Through Abandoned Amazon S3 Buckets Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a concerning vulnerability in software supply chain security, specifically targeting abandoned Amazon S3 buckets that could serve as a platform for malware delivery. The research highlights the potential risks…

  • Schneier on Security: Delivering Malware Through Abandoned Amazon S3 Buckets

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/02/delivering-malware-through-abandoned-amazon-s3-buckets.html Source: Schneier on Security Title: Delivering Malware Through Abandoned Amazon S3 Buckets Feedly Summary: Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still used. Presumably the projects don’t realize…