#cyclonedx

Viktor Petersson<p>SPDX support in Dependency-Track? Not right now.</p><p>There’s an open issue to bring back SPDX v3, but the long-term goal isn’t about picking sides, it’s format agnosticism.</p><p>Dependency-Track ingests SBOMs into its own model so teams can act on insights, not syntax.</p><p>Let’s not make formats the bottleneck.</p><p><a href="https://hachyderm.io/tags/cyclonedx" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyclonedx</span></a> <a href="https://hachyderm.io/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devsecops</span></a> <a href="https://hachyderm.io/tags/oss" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>oss</span></a></p>
Habr<p>Comparison of SBOM generators</p><p>The Software Bill of Materials (SBOM) is becoming an increasingly important element of software security. With the emergence of many tools for generating SBOMs, the question arises: which one should you choose?</p><p><a href="https://habr.com/ru/companies/swordfish_security/articles/916256/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">habr.com/ru/companies/swordfis</span><span class="invisible">h_security/articles/916256/</span></a></p><p><a href="https://zhub.link/tags/SCA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SCA</span></a> <a href="https://zhub.link/tags/sbom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sbom</span></a> <a href="https://zhub.link/tags/trivy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>trivy</span></a> <a href="https://zhub.link/tags/cdxgen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cdxgen</span></a> <a href="https://zhub.link/tags/syft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>syft</span></a> <a href="https://zhub.link/tags/cyclonedx" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyclonedx</span></a></p>
Olle E. Johansson<p>The OWASP Transparency Exchange API has published our first BETA release for implementors to start implementing the consumer API including the discovery. Get all the docs including the <a class="hashtag" href="https://bsky.app/search?q=%23openapi" rel="nofollow noopener" target="_blank">#openapi</a> specification here: <a href="https://github.com/CycloneDX/transparency-exchange-api/releases/tag/0.1.0-beta.1" rel="nofollow noopener" target="_blank">github.com/CycloneDX/tr...</a> <a class="hashtag" href="https://bsky.app/search?q=%23OWASP" rel="nofollow noopener" target="_blank">#OWASP</a> <a class="hashtag" href="https://bsky.app/search?q=%23TEA" rel="nofollow noopener" target="_blank">#TEA</a> <a class="hashtag" href="https://bsky.app/search?q=%23SBOM" rel="nofollow noopener" target="_blank">#SBOM</a> <a class="hashtag" href="https://bsky.app/search?q=%23CYCLONEDX" rel="nofollow noopener" target="_blank">#CYCLONEDX</a> <a class="hashtag" href="https://bsky.app/search?q=%23SPDX" rel="nofollow noopener" target="_blank">#SPDX</a><br><br><a href="https://github.com/CycloneDX/transparency-exchange-api/releases/tag/0.1.0-beta.1" rel="nofollow noopener" target="_blank">Release 0.1.0-beta.1 · Cyclone...</a></p>
Habr<p>How we implemented SCA using SBOM</p><p>The more microservices a company has, the more fun life gets for those responsible for security. The number of dependencies grows, and at some point it becomes impossible to keep track of where a critical vulnerability might surface in the code, whether from an old library or a transitive dependency that nobody even remembers. The solution is SCA (Software Composition Analysis), automated dependency analysis that helps catch vulnerable libraries in time and understand what to do with them. My name is Erik Shakhov, and I am an AppSec engineer at Cian. In this article I will describe how we rebuilt our SCA system, changed its architecture, and which tools we now use to control dependencies. I will share our real-world experience of adopting SBOM (Software Bill of Materials) and how it helps us keep our code in order.</p><p><a href="https://habr.com/ru/companies/cian/articles/900040/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">habr.com/ru/companies/cian/art</span><span class="invisible">icles/900040/</span></a></p><p><a href="https://zhub.link/tags/trivy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>trivy</span></a> <a href="https://zhub.link/tags/cyclonedx" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyclonedx</span></a> <a href="https://zhub.link/tags/%D1%83%D0%BF%D1%80%D0%B0%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D0%B5_%D0%B7%D0%B0%D0%B2%D0%B8%D1%81%D0%B8%D0%BC%D0%BE%D1%81%D1%82%D1%8F%D0%BC%D0%B8" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>управление_зависимостями</span></a> <a href="https://zhub.link/tags/sbom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sbom</span></a> <a href="https://zhub.link/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>appsec</span></a> <a href="https://zhub.link/tags/sca" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sca</span></a> <a href="https://zhub.link/tags/%D1%81%D0%BA%D0%B0%D0%BD%D0%B5%D1%80%D1%8B_%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D0%B8" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>сканеры_безопасности</span></a> <a href="https://zhub.link/tags/cdxgen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cdxgen</span></a> <a href="https://zhub.link/tags/%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%B0%D1%8F_%D1%80%D0%B0%D0%B7%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B0" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>безопасная_разработка</span></a> <a href="https://zhub.link/tags/%D1%81%D0%BA%D0%B0%D0%BD%D0%B5%D1%80%D1%8B_%D1%83%D1%8F%D0%B7%D0%B2%D0%B8%D0%BC%D0%BE%D1%81%D1%82%D0%B5%D0%B9" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>сканеры_уязвимостей</span></a></p>
anchore<p>SBOMs are more than an inventory—they're a critical tool for securing modern software development. Our latest guide breaks down @SBOM fundamentals, key standards like <a href="https://mstdn.business/tags/SPDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SPDX</span></a> and <a href="https://mstdn.business/tags/CycloneDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CycloneDX</span></a>, and real-world use cases for security, compliance, and DevSecOps. Download now <a href="https://get.anchore.com/sbom101-guide-for-devsecops-community/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">get.anchore.com/sbom101-guide-</span><span class="invisible">for-devsecops-community/</span></a></p>
Socket<p>🚀 Exciting news: Socket is now part of TC54! We&#39;re joining forces to help shape the future of SBOMs, CycloneDX, and PURL, making software supply chains more secure &amp; transparent.</p><p><a href="https://socket.dev/blog/socket-joins-tc54" target="_blank" rel="nofollow noopener" translate="no"><span class="invisible">https://</span><span class="ellipsis">socket.dev/blog/socket-joins-t</span><span class="invisible">c54</span></a> <a href="https://fosstodon.org/tags/SBOM" class="mention hashtag" rel="tag">#<span>SBOM</span></a> <a href="https://fosstodon.org/tags/CycloneDX" class="mention hashtag" rel="tag">#<span>CycloneDX</span></a> <a href="https://fosstodon.org/tags/PURL" class="mention hashtag" rel="tag">#<span>PURL</span></a> <a href="https://fosstodon.org/tags/cybersecurity" class="mention hashtag" rel="tag">#<span>cybersecurity</span></a></p>
Oej<p>OWASP CycloneDX are coming to FOSDEM! We'll speak in many dev rooms and in the main track. Let's meet!</p><p><a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OWASP</span></a> <a href="https://infosec.exchange/tags/CYCLONEDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CYCLONEDX</span></a> <a href="https://infosec.exchange/tags/SBOM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBOM</span></a></p>
anchore<p>Kick off 2025 right! Join our weekly <a href="https://mstdn.business/tags/SBOM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBOM</span></a> webinar series starting Jan 14. Learn from experts like Kate Stewart (<a href="https://mstdn.business/tags/SPDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SPDX</span></a>) &amp; Steve Springett (<a href="https://mstdn.business/tags/CycloneDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CycloneDX</span></a>) and master the art of securing your software supply chain. </p><p>Read the blog post to get a sneak peek. ➡️ <a href="https://anchore.com/blog/all-things-sbom-in-2025-a-weekly-webinar-series/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">anchore.com/blog/all-things-sb</span><span class="invisible">om-in-2025-a-weekly-webinar-series/</span></a></p>
d33p.js<p>What are SBOMs?</p><p>A new post on my blog. The basics of SBOMs.</p><p><a href="https://blog.security-manufaktur.de/sbom/bom/cyclonedx/spdx/opensource/oss/2024/12/17/sbom-grundlagen.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.security-manufaktur.de/sb</span><span class="invisible">om/bom/cyclonedx/spdx/opensource/oss/2024/12/17/sbom-grundlagen.html</span></a></p><p><a href="https://infosec.exchange/tags/bom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bom</span></a> <a href="https://infosec.exchange/tags/sbom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sbom</span></a> <a href="https://infosec.exchange/tags/sboms" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sboms</span></a> <a href="https://infosec.exchange/tags/software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>software</span></a> <a href="https://infosec.exchange/tags/softwaredevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>softwaredevelopment</span></a> <a href="https://infosec.exchange/tags/softwarebillofmaterials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>softwarebillofmaterials</span></a> <a href="https://infosec.exchange/tags/SoftwareBillsofMaterialSBOMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SoftwareBillsofMaterialSBOMs</span></a> <a href="https://infosec.exchange/tags/dev" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dev</span></a> <a href="https://infosec.exchange/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devops</span></a> <a href="https://infosec.exchange/tags/development" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>development</span></a> <a href="https://infosec.exchange/tags/developer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>developer</span></a> <a href="https://infosec.exchange/tags/blog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blog</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/cyclonedx" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyclonedx</span></a> <a href="https://infosec.exchange/tags/spdx" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spdx</span></a> <a href="https://infosec.exchange/tags/vex" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vex</span></a></p>
d33p.js<p>Bloggingsaturday?</p><p>"Playing with the open source fire"?</p><p><a href="https://blog.security-manufaktur.de/sbom/cyclonedx/spdx/opensource/oss/kehl/2024/12/07/sbom-security-insider.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.security-manufaktur.de/sb</span><span class="invisible">om/cyclonedx/spdx/opensource/oss/kehl/2024/12/07/sbom-security-insider.html</span></a></p><p>The wording bothered me a great deal, so I wrote a blog entry about it.</p><p><a href="https://infosec.exchange/tags/SBOM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBOM</span></a> <a href="https://infosec.exchange/tags/SBOMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBOMs</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/softwarebillofmaterials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>softwarebillofmaterials</span></a> <a href="https://infosec.exchange/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://infosec.exchange/tags/spdx" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spdx</span></a> <a href="https://infosec.exchange/tags/cyclonedx" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyclonedx</span></a> <a href="https://infosec.exchange/tags/owasp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>owasp</span></a> <a href="https://infosec.exchange/tags/linuxfoundation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxfoundation</span></a></p>
OWASP Foundation<p>If your company creates software that manages Software Bill of Material data - SBOMs - then you want to take part in the standardisation of an ECMA standard API for exchanging software transparency artefacts. Join us on November 25th! <a href="http://teaintro.eventbrite.com" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">http://</span><span class="">teaintro.eventbrite.com</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/SPDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SPDX</span></a> <a href="https://infosec.exchange/tags/SBOM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBOM</span></a> <a href="https://infosec.exchange/tags/INTOTO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>INTOTO</span></a> <a href="https://infosec.exchange/tags/CYCLONEDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CYCLONEDX</span></a> <a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OWASP</span></a></p>
OWASP Foundation<p>While the Koala project is part of <a href="https://infosec.exchange/tags/CycloneDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CycloneDX</span></a>, the work with the API will also support <a href="https://infosec.exchange/tags/SPDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SPDX</span></a> BOM files from the start. Join us Nov. 25 for a virtual seminar where we tell you more about this API and what it means for you. <a href="http://teaintro.eventbrite.com" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">http://</span><span class="">teaintro.eventbrite.com</span><span class="invisible"></span></a></p>
Viktor Petersson<p>"I'm a big fan of transparency, but not at the expense of helping my adversaries, you know, do what they want to do!"</p><p>Episode 22 of Nerding Out with Viktor with Steve Springett is available on YouTube and all major listening platforms 🎧</p><p><a href="https://vpetersson.com/podcast/S01E22.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vpetersson.com/podcast/S01E22.</span><span class="invisible">html</span></a></p><p><a href="https://hachyderm.io/tags/SBOMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBOMs</span></a> <a href="https://hachyderm.io/tags/CycloneDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CycloneDX</span></a> <a href="https://hachyderm.io/tags/podcast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>podcast</span></a></p>
Viktor Petersson<p>"It's really about transparency."</p><p>Episode 22 of Nerding Out with Viktor with Steve Springett is available on YouTube and all major listening platforms 🎧</p><p><a href="https://vpetersson.com/podcast/S01E22.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vpetersson.com/podcast/S01E22.</span><span class="invisible">html</span></a></p><p><a href="https://hachyderm.io/tags/SBOMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBOMs</span></a> <a href="https://hachyderm.io/tags/CycloneDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CycloneDX</span></a> <a href="https://hachyderm.io/tags/podcast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>podcast</span></a></p>
Oej<p>Got SBOMs? Need to subscribe to SBOMs or publish SBOMs? Join our coming webinar on Project Koala - The OWASP Transparency Exchange API!</p><p>Monday Nov 25 at 17:00 CET.</p><p>Free registration at <a href="https://teaintro.eventbrite.se" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">teaintro.eventbrite.se</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OWASP</span></a> <a href="https://infosec.exchange/tags/SBOM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBOM</span></a> <a href="https://infosec.exchange/tags/SPDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SPDX</span></a> <a href="https://infosec.exchange/tags/CYCLONEDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CYCLONEDX</span></a></p>
Oej<p>We've published our first edition of SBOM Live! A one hour webinar covering SBOMs. </p><p><a href="https://infosec.exchange/tags/SBOM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBOM</span></a> <a href="https://infosec.exchange/tags/CRA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CRA</span></a> <a href="https://infosec.exchange/tags/CYCLONEDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CYCLONEDX</span></a> <a href="https://infosec.exchange/tags/SPDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SPDX</span></a></p><p><a href="https://youtu.be/iz15RmjMA9c?si=-y9GW-fSDvXiGFir" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">youtu.be/iz15RmjMA9c?si=-y9GW-</span><span class="invisible">fSDvXiGFir</span></a></p>
Oej<p>Join me and Anthony Harrison on our first SBOM Europe webinar! Read more and register on <a href="https://sbomeurope01.eventbrite.com" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">sbomeurope01.eventbrite.com</span><span class="invisible"></span></a> </p><p><a href="https://infosec.exchange/tags/SBOM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBOM</span></a> <a href="https://infosec.exchange/tags/SPDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SPDX</span></a> <a href="https://infosec.exchange/tags/CYCLONEDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CYCLONEDX</span></a></p>
Habr<p>Secrets of successful SCA: using evinse mode in cdxgen. Part I</p><p>Hello, Habr readers! This is Anastasia Berezovskaya, an application development process security engineer at Swordfish Security. Today we will talk about another tool found in building Software Composition Analysis (SCA) processes: cdxgen. Like the popular scanner Trivy, it parses manifest files, binaries and other files to extract information about the external components used in a project. By the way, we wrote about Trivy in one of our previous articles, so come and have a read. The main subject of our analysis is a new and very interesting cdxgen operating mode called evinse, introduced by the authors in 2023. Working from the source code, evinse provides extended information about evidence, that is, proof of a component's presence in the source code. At the time of writing, cdxgen is the only open source utility with this kind of functionality. We will describe the mathematics used "under the hood" and explain why we decided to integrate the results of this mode into our products. The article turned out to be fairly long, so we decided to split it into two parts. In the first, we look at what the Evidence object is from the SBOM point of view. We describe the basic mathematical concepts needed to understand how the evinse utility builds an extended SBOM. Here we also look at the first kind of slice, the usage slice. In the second part of the article, we will talk about the remaining kinds of slices: data-flow and reachability slices. And we will finally work out how an SBOM is produced from them. So, let's go!</p><p><a href="https://habr.com/ru/companies/swordfish_security/articles/840922/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">habr.com/ru/companies/swordfis</span><span class="invisible">h_security/articles/840922/</span></a></p><p><a href="https://zhub.link/tags/cdxgen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cdxgen</span></a> <a href="https://zhub.link/tags/evinse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>evinse</span></a> <a href="https://zhub.link/tags/SCA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SCA</span></a> <a href="https://zhub.link/tags/software_composition_analysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>software_composition_analysis</span></a> <a href="https://zhub.link/tags/ast" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ast</span></a> <a href="https://zhub.link/tags/slice" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>slice</span></a> <a href="https://zhub.link/tags/program_analysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>program_analysis</span></a> <a href="https://zhub.link/tags/static_analysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>static_analysis</span></a> <a href="https://zhub.link/tags/sbom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sbom</span></a> <a href="https://zhub.link/tags/cyclonedx" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyclonedx</span></a></p>
Nordic Software Security Summi<p>The Software Bill of Materials (SBOM) is in the spotlight - many regulations worldwide point to the SBOM as a central document in vulnerability handling. But are all SBOMs really useful? Listen to Daniel Liszka talk about "SBOMs that you can trust - the good, the bad and the ugly" at the Nordic Software Security Summit in September. Register today at <a href="https://nsss.se" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">nsss.se</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/SBOM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBOM</span></a> <a href="https://mastodon.social/tags/CYCLONEDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CYCLONEDX</span></a> <a href="https://mastodon.social/tags/SPDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SPDX</span></a> <a href="https://mastodon.social/tags/NSSS24" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSSS24</span></a><br><span class="h-card" translate="no"><a href="https://infosec.exchange/@CycloneDX" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>CycloneDX</span></a></span></p>
Oej<p>Are you implementing SBOM in your software? If so, please join the work on the OWASP Transparency Exchange API. We are working to standardise the exchange of various artefacts, including SBOM and VEX files.</p><p>Read more on <a href="https://github.com/CycloneDX/transparency-exchange-api" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/CycloneDX/transpare</span><span class="invisible">ncy-exchange-api</span></a></p><p><a href="https://infosec.exchange/tags/SBOM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SBOM</span></a> <a href="https://infosec.exchange/tags/OWASP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OWASP</span></a> <a href="https://infosec.exchange/tags/CYCLONEDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CYCLONEDX</span></a> <a href="https://infosec.exchange/tags/SPDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SPDX</span></a></p>