#sbom — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sbom, aggregated by home.social.
-
📰 CISA and G7 Partners Release New Guidance for AI SBOMs
CISA and G7 partners have released new guidance on creating a Software Bill of Materials for AI (AI SBOM). The goal is to bring transparency to the AI supply chain by listing the 'ingredients' of AI models. 🤖📄 #AISecurity #SBOM #CISA #G7
-
Global Agencies Unveil AI Supply Chain Risk Guidance with SBOMs
Global agencies have joined forces to release groundbreaking guidance on AI supply chain risk, outlining minimum elements for Software Bill of Materials (SBOMs) to enhance security and transparency. This crucial step forward aims to tackle the complex challenges of measuring and defining AI risks across organizations.
#AiSupplyChain #SoftwareBillOfMaterials #Sbom #ArtificialIntelligence #G7
-
Failing successfully with #NPM and #PyPI packages. 🤗
"most recently each at over 11 million downloads per week. And those are only two of a total of 416 software package versions that the Socket researchers list as affected in their report."
The cause lies more with the developers: 🙈
"Software developers who use NPM or PyPI packages should urgently check whether they may have downloaded one or more affected versions of the compromised packages. If so, the respective systems are to be considered compromised."
The carelessness seems to be by design. Experienced developers will suffer because the entire field is now seen in a bad light. 🙄
Without an #SBOM and careful handling of third-party software, it is very risky. 🙁
Ask experienced developers how to do development more securely on the #Internet. Whether #NPM or #PyPI packages, there are procedures that allow significantly fewer errors. 🙂
-
Join the Anchore Open Source team this Thursday at 12 PM PT for our live stream! We'll cover issues, PRs, & roadmap. https://www.youtube.com/watch?v=N-6Sc5CQwI0 #SBOM #Vulnerability
-
If software supply chain is part of your day, Cybeats is worth knowing. Gold Sponsor at AppSec Village this year — thanks for the support!
Learn more about them here: https://www.cybeats.com/
-
Security Tip: Transparency is key to a secure software stack. 🛡️ Implementing a Software Bill of Materials (SBOM) allows your team to maintain a comprehensive inventory of all components. When a new vulnerability breaks, an SBOM helps you identify affected systems in minutes, not days. Stay informed on the latest vulnerabilities and remediation steps at https://cvedatabase.com #CyberSecurity #InfoSec #SBOM #SoftwareSupplyChain #CVE
-
Missed our Open Source stream? Catch the recording to hear about the latest Syft, Grype, and roadmap updates! https://www.youtube.com/watch?v=52p2WywWq7g #SBOM #VulnerabilityScanning
-
Stop copying security YAML: an AppSec layer for Java projects via a Gradle convention plugin
A practical walkthrough of how I moved the security checks for Java projects out of scattered CI/CD scripts into a reusable Gradle plugin
https://habr.com/ru/articles/1032532/
#cicd #gitlabci #java #gradle #gradleplugin #security #sast #sbom
-
The software supply chain is the new invisible perimeter. With threat actors targeting CI/CD pipelines, understanding CWE-1395 is critical for #DevSecOps professionals. Check out our deep dive into supply chain vulnerabilities and SBOMs. https://cvedatabase.com/blog/the-invisible-perimeter-navigating-the-risks-of-software-supply-chain-vulnerabil-2026-05-04 #AppSec #CyberSecurity #SBOM #CWE1395
-
AI-BOMs Emerge to Secure Enterprise AI Supply Chains
Imagine biting into a mysterious birthday cake without knowing its ingredients or who baked it - that's what it's like for enterprises trying to secure their AI supply chains without visibility into the components used to build their AI systems. Traditional software bills of materials just aren't cutting it in this new landscape.
#AiSupplyChains #ArtificialIntelligence #ShadowAi #Sbom #EnterpriseSecurity
-
El Reg has a story that exactly covers the problem I'm researching right now. It's not just the Devs, the whole company can be exposing secrets, corrupting data...
-
Join the Anchore Open Source team this Thursday at 12 PM PT for our live stream! We'll cover issues, PRs, & roadmap. https://www.youtube.com/watch?v=52p2WywWq7g #SBOM #Vulnerability