0 views collected around this technical thread.
This article explains how Software Bill of Materials (SBOM) mirrors hardware BOMs, outlines their core differences, presents best practices, tools, and implementation strategies to improve supply‑chain transparency, compliance, and security for modern software development.
This article explains how Software Bill of Materials (SBOM) serves as a digital map for component dependency and change management, detailing its functions in visualizing dependencies, detecting version conflicts, ensuring license compliance, and providing supply‑chain risk alerts, ultimately improving development efficiency, security, and regulatory compliance.
The article examines the critical importance of software supply chain security, outlines frequent attacks and real‑world cases, discusses national standards and compliance measures, and highlights emerging AI‑driven and blockchain‑based innovations that aim to protect the entire software lifecycle.
This guide explains how Spring Boot 3.3.0 natively supports Software Bill‑of‑Materials (SBOM) generation with CycloneDX, shows Gradle and Maven configuration steps, demonstrates building an uber‑jar that includes the SBOM, and details how to expose the SBOM via Actuator endpoints and customize formats.
The article introduces a five‑stage OSPO maturity model—ranging from ad‑hoc open‑source use to a strategic technology advisor—detailing essential patterns, recommended community resources, and a practical checklist to help organizations build compliance, advocacy, project‑launch, and governance capabilities for open‑source programs.
This article explains what an SBOM (Software Bill of Materials) is, its purpose for software supply‑chain visibility and risk management, compares it with SLSA and Black Duck, outlines best‑practice recommendations, and lists popular tools for generating SBOMs.
This article explains how open‑source technologies drive digital transformation in finance, outlines the regulatory "Opinions" guiding secure, compliant use, and details a comprehensive open‑source security management framework—including lifecycle standards, a dedicated platform, DevOps integration, SBOM adoption, and continuous risk mitigation.
This article explains what a Software Bill of Materials (SBOM) is, compares it with SLSA and Black Duck, outlines best practices for creating and maintaining SBOMs, and reviews popular tools for generating SBOMs to improve software supply chain security.
The article surveys the 2023 cloud‑native landscape, highlighting the rise of cloud‑based IDEs, the mainstreaming of FinOps and GreenOps, the ubiquity of open‑source SBOMs, the maturation of GitOps and OpenTelemetry, the growing impact of WebAssembly, and several related forecasts for the industry.
In a detailed interview, XMirror Security founder Zi‑Ya discusses the origins of his team, the core elements of DevSecOps, the innovative code‑vaccine technology combining IAST and RASP, maturity stages of development security in China, and future trends in software‑supply‑chain security.