#securesupplychain — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #securesupplychain, aggregated by home.social.
-
Demonstrably Secure Software Supply Chains with Nix
https://nixcademy.com/posts/secure-supply-chain-with-nix/
#HackerNews #DemonstrablySecureSoftwareSupplyChains #Nix #SecureSupplyChain #SoftwareDevelopment #DevOps
-
At the heart of the CVE process and the matching done with the NVD database is the name of the manufacturer and the artefact - the software, system, library or mobile application. It's vital for this to work that the name in the #SBOM is correct to make the match work. The community has developed #PURL - package URL - to improve this, but so far the CVE/NVD ecosystem has not adopted PURL.
This needs to be fixed to make sure that the name in the SBOM matches the right set of vulnerabilities.
#SBOM #securesupplychain #CycloneDX #OpenVEX #VEX #OpenSource
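As an added illustration of the matching problem described in the post above (this is not code from the post or from any SBOM or NVD tooling), the script below parses Package URLs and matches constructed SBOM components against constructed advisory records in two ways: by bare product name, which is roughly what name-based matching depends on, and by PURL type, namespace and name. The package names, advisory identifiers and version sets are all made up for the example; none refer to a real vulnerability. The parser follows the PURL specification's split order but, as an assumption to keep it short, it does not apply the per-type name normalization rules (for example lowercasing npm names or folding underscores in PyPI names) that a production matcher would need.

```python
"""Added example: minimal PURL parsing plus name-based versus PURL-based
advisory matching. All package names, advisory IDs and versions below are
constructed for illustration and do not describe real vulnerabilities."""
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import unquote


@dataclass(frozen=True)
class Purl:
    type: str
    namespace: Optional[str]
    name: str
    version: Optional[str]
    qualifiers: dict = field(default_factory=dict, compare=False, hash=False)
    subpath: Optional[str] = None

    def key(self) -> tuple:
        """Version-independent identity of the package: the part that has to
        equal an advisory's affected-package identifier for a match."""
        return (self.type, self.namespace, self.name)


def parse_purl(s: str) -> Purl:
    """Parse 'pkg:type/namespace/name@version?qualifiers#subpath'.
    Splits are taken from the right, in the order the PURL spec prescribes,
    so percent-encoded '@' or '/' inside namespace or name stay intact.
    Per-type name normalization is deliberately omitted (assumption)."""
    if not s.startswith("pkg:"):
        raise ValueError(f"not a purl: {s!r}")
    rest = s[len("pkg:"):].lstrip("/")
    subpath = None
    if "#" in rest:
        rest, subpath = rest.rsplit("#", 1)
        subpath = unquote(subpath)
    qualifiers = {}
    if "?" in rest:
        rest, qs = rest.rsplit("?", 1)
        for pair in qs.split("&"):
            if pair:
                k, _, v = pair.partition("=")
                qualifiers[k.lower()] = unquote(v)
    version = None
    if "@" in rest:
        rest, version = rest.rsplit("@", 1)
        version = unquote(version)
    parts = rest.split("/")
    if len(parts) < 2 or not parts[0] or not parts[-1]:
        raise ValueError(f"purl needs at least a type and a name: {s!r}")
    ptype = parts[0].lower()
    name = unquote(parts[-1])
    namespace = "/".join(unquote(p) for p in parts[1:-1]) or None
    return Purl(ptype, namespace, name, version, qualifiers, subpath)


# Constructed advisory records: a vendor/product pair (the shape name-based
# matching relies on) next to a PURL for the same affected package.
ADVISORIES = [
    {"id": "ADV-CONSTRUCTED-1", "vendor": "example", "product": "logger",
     "purl": "pkg:maven/org.example.logging/logger-core",
     "affected_versions": {"2.14.0", "2.14.1"}},
    {"id": "ADV-CONSTRUCTED-2", "vendor": "utilkit-js", "product": "utilkit",
     "purl": "pkg:npm/utilkit",
     "affected_versions": {"1.0.0"}},
]

# Constructed SBOM components, CycloneDX-style: name, version and purl.
SBOM = [
    {"name": "logger-core", "version": "2.14.1",
     "purl": "pkg:maven/org.example.logging/logger-core@2.14.1"},
    {"name": "utilkit", "version": "1.0.0",
     "purl": "pkg:pypi/utilkit@1.0.0"},
]


def match_by_name(component: dict) -> list:
    """Name-based matching: the advisory product name must equal the SBOM
    component name. Ecosystem and namespace are not part of the key, so a
    slightly different artefact name misses and a same-named package from
    another ecosystem matches."""
    return sorted(a["id"] for a in ADVISORIES
                  if a["product"] == component["name"]
                  and component["version"] in a["affected_versions"])


def match_by_purl(component: dict) -> list:
    """PURL-based matching: type, namespace and name must all agree."""
    p = parse_purl(component["purl"])
    return sorted(a["id"] for a in ADVISORIES
                  if parse_purl(a["purl"]).key() == p.key()
                  and p.version in a["affected_versions"])


if __name__ == "__main__":
    for c in SBOM:
        print(c["purl"], "by name:", match_by_name(c),
              "by purl:", match_by_purl(c))
```

Run as a script, the first component shows a miss under name matching (the SBOM says `logger-core`, the advisory says `logger`) that PURL matching catches, and the second shows the reverse: a false positive under name matching because an npm advisory is applied to a PyPI package of the same name, which PURL matching rejects because the type differs.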
-
Managing #vulnerabilities for #containers is not as simple as for VMs. It is hard to turn the wheel of an industry that has been doing this for years; it needs a lot of education. #securesupplychain #security #softwaresupplychain
-
secure supply chains alone secure software do not make
#sbom #slsa #securesupplychain