📋 SBOMs - nmarshall · Scour

From SBOMs to AI BOMs: Why SPDX 3.0 Matters

🔌Embedded Systems

You Know What’s In Your Software. But Do You Know What Your AI Agents Are Doing? Enter the AIBOM.

🤖AI agents Blog

·

Trying to make sense of package-manager metadata

5 Software Supply Chain Security Best Practices for Development Teams

🔏SLSA Blog

docker.com··Cited by 1 article

Hexana 0.11 (JetBrains IDEs) release — native-image SBOM + CVE

🛡️Computer Security Blog

·

Less-relevant results

moby/moby client/v0.5.0-rc.1

🔏SLSA Code Release

·

NCSC Warns Of Rising Software Supply Chain Attacks Targeting Open-Source Packages

coreinfrastructure/best-practices-badge sbom-staging-20260611-074ec3d3

🔧Software Engineering Code

·

OWASP Dependency-Track 5.0 Is Now Generally Available

🗄️Databases Blog

owasp.org··Hacker News

GlassFish 8.0.3 Released: Performance optimizations and security fixes

🛡️Computer Security

omnifish.ee··r/java

SAST vs SCA: Key Differences for AppSec Teams

🔍Static Analysis

orca.security·

Announcing Determinate Secure Packages 26.05

🛡️Computer Security Blog

determinate.systems··Hacker News

moby/moby api/v1.55.0-rc.1

🔏SLSA Code Release

·

CRA for Manufacturers

🔧Right to Repair

thomas-huehn.com··Cited by 1 article

Five Supply Chain Security Risks Hiding Inside Your Mobile Apps

🔌Embedded Blog

supplychainbrain.com·

npm v12 delivers one of the biggest security improvements in years

🧠AI Blog

Two-Thirds of Open Source Community Unaware of Cyber Resilience Act

🌟cool github projects News

infosecurity-magazine.com··Cited by 1 article

Meet the new Sovereign Tech Fellows

🌟Open Source

sovereign.tech··Lobsters·Cited by 2 articles

You can fork a package, but can you own it?

event-driven.io·

Docker Hardened Images enhanced vulnerability scanning with Docker and Aikido

🛡️Computer Security Blog

Log in to enable infinite scrolling