This guide shows how to dramatically reduce container image size using Docker multi‑stage builds, choose minimal base images, automatically generate SPDX/CycloneDX SBOMs, sign images with Cosign, and integrate the whole process into CI/CD pipelines for secure, lightweight deployments.
This article explains why modern applications, built largely from open‑source components, require OSPOs to adopt automated SCA and SBOM pipelines that shift compliance left, ensuring supply‑chain security and licensing compliance across development and release stages.
The article examines how modern military software, built largely from third‑party components, faces supply‑chain attacks, explains the need for SBOMs, and proposes a centralized trusted component repository with automated scanning, compliance checks, and full‑lifecycle auditing to secure defense systems.
This article examines the core applications of Software Bill of Materials (SBOM) and the SLSA framework across vulnerability response, license compliance, merger due‑diligence, and container image integrity, quantifies their return on investment, and showcases real‑world implementations by leading tech firms, highlighting how they enhance enterprise security, operational efficiency, and competitive advantage.
This article examines the distinct SBOM strategies of Google, Microsoft, and Meta, highlighting Google's large‑scale automation, Microsoft's open‑source tooling, and Meta's internal security integration, and draws lessons for enterprises seeking transparent and resilient software supply chain governance.
The article explains what a Software Bill of Materials (SBOM) is, why it has become a strategic security requirement, compares the leading SPDX and CycloneDX standards, examines China's emerging DSDX format, and offers practical guidance on selecting the right SBOM format and tools for various compliance and risk‑management scenarios.
This article explains how Software Bill of Materials (SBOM) mirrors hardware BOMs, outlines their core differences, presents best practices, tools, and implementation strategies to improve supply‑chain transparency, compliance, and security for modern software development.
This article explains how Software Bill of Materials (SBOM) serves as a digital map for component dependency and change management, detailing its functions in visualizing dependencies, detecting version conflicts, ensuring license compliance, and providing supply‑chain risk alerts, ultimately improving development efficiency, security, and regulatory compliance.
The article examines the critical importance of software supply chain security, outlines frequent attacks and real‑world cases, discusses national standards and compliance measures, and highlights emerging AI‑driven and blockchain‑based innovations that aim to protect the entire software lifecycle.
This guide explains how Spring Boot 3.3.0 natively supports Software Bill‑of‑Materials (SBOM) generation with CycloneDX, shows Gradle and Maven configuration steps, demonstrates building an uber‑jar that includes the SBOM, and details how to expose the SBOM via Actuator endpoints and customize formats.
The article introduces a five‑stage OSPO maturity model—ranging from ad‑hoc open‑source use to a strategic technology advisor—detailing essential patterns, recommended community resources, and a practical checklist to help organizations build compliance, advocacy, project‑launch, and governance capabilities for open‑source programs.
This article explains what an SBOM (Software Bill of Materials) is, its purpose for software supply‑chain visibility and risk management, compares it with SLSA and Black Duck, outlines best‑practice recommendations, and lists popular tools for generating SBOMs.
This article explains how open‑source technologies drive digital transformation in finance, outlines the regulatory "Opinions" guiding secure, compliant use, and details a comprehensive open‑source security management framework—including lifecycle standards, a dedicated platform, DevOps integration, SBOM adoption, and continuous risk mitigation.
This article explains what a Software Bill of Materials (SBOM) is, compares it with SLSA and Black Duck, outlines best practices for creating and maintaining SBOMs, and reviews popular tools for generating SBOMs to improve software supply chain security.
The article surveys the 2023 cloud‑native landscape, highlighting the rise of cloud‑based IDEs, the mainstreaming of FinOps and GreenOps, the ubiquity of open‑source SBOMs, the maturation of GitOps and OpenTelemetry, the growing impact of WebAssembly, and several related forecasts for the industry.
Google’s open‑source OSV‑Scanner provides a powerful front‑end to the OSV vulnerability database, allowing developers to scan directories, SBOMs, and Docker images for known security issues across 16 ecosystems, outputting results in JSON or table format and supporting ignore rules for specific vulnerabilities.
In a detailed interview, XMirror Security founder Zi‑Ya discusses the origins of his team, the core elements of DevSecOps, the innovative code‑vaccine technology combining IAST and RASP, maturity stages of development security in China, and future trends in software‑supply‑chain security.
The article analyzes the rising threat of open‑source components, explains Software Composition Analysis (SCA) and SBOM generation, outlines the three‑stage process for building an in‑house SCA capability, discusses practical challenges such as data quality and integration, and looks ahead to future standards and open‑source tools.
The article reveals the recovered 1994 Linus Torvalds presentation, highlights Linux 5.16's performance gains for AMD mobile CPUs, discusses upcoming Linux security initiatives such as SBOM and Rust adoption, and warns of compatibility challenges as Chrome approaches version 100.
