Introduction: In our twelfth blog of the ecosystem series, we explore how to generate a Software Bill of Materials (SBOM) for the Ruby (RubyGems) ecosystem. We’ll also underscore the vital role of Software Composition Analysis (SCA) in maintaining the safety and...
Open Source Embedded Software Development and Security Blog
SBOM Generation and Vulnerability Monitoring for the Python Ecosystem
Introduction: In the eleventh blog in our ecosystem series, we cover the process of generating a Software Bill of Materials (SBOM) for the Python (PyPI) ecosystem, emphasizing the significance of Software Composition Analysis (SCA) in ensuring the security and...
SBOM Generation and Vulnerability Monitoring for the Dart Ecosystem
Introduction: In this blog, we’ll be exploring how to generate a Software Bill of Materials (SBOM) for the Dart (Pub) ecosystem and discuss the importance of Software Composition Analysis (SCA) in maintaining the security and integrity of Dart projects. What is...
SBOM Generation and Vulnerability Monitoring for the NuGet/.NET Ecosystem
Introduction: The tenth blog in our SBOM ecosystem series discusses the creation of a Software Bill of Materials (SBOM) for the NuGet/.NET ecosystem and stresses the importance of Software Composition Analysis (SCA) in maintaining the security and integrity of .NET...
SBOM Generation and Vulnerability Monitoring for the Maven/Java Ecosystem
Introduction: In this guide, we look at generating a Software Bill of Materials (SBOM) for the Java/Maven ecosystem and underline the importance of Software Composition Analysis (SCA) in safeguarding the security and integrity of Java applications. What is Maven...
SBOM Generation and Vulnerability Monitoring for the Kotlin Ecosystem
Introduction: Today’s post in our ecosystem SBOM generation blog series examines the process of generating a Software Bill of Materials (SBOM) for the Kotlin ecosystem and highlights the significance of Software Composition Analysis (SCA) in maintaining the security...
SBOM Generation and Vulnerability Monitoring for the Hex/Erlang/Elixir Ecosystem
Introduction: In this blog, we explore generating a Software Bill of Materials (SBOM) for the Erlang/Elixir (Hex) ecosystem and discuss the importance of Software Composition Analysis (SCA) in maintaining the security and integrity of Erlang and Elixir projects...
SBOM Generation and Vulnerability Monitoring for the Hackage/Haskell Ecosystem
Introduction: In the fifth blog in our series, we explore how to generate a Software Bill of Materials (SBOM) for the Haskell (Hackage) ecosystem and the importance of Software Composition Analysis (SCA) in maintaining the security and integrity of Haskell...
SBOM Generation and Vulnerability Monitoring for the Go Ecosystem
Introduction: In this fourth blog of our series on SBOM generation for various ecosystems, we explore generating a Software Bill of Materials (SBOM) for the Go language ecosystem and review the significance of Software Composition Analysis (SCA) in maintaining the...
SBOM Generation and Vulnerability Monitoring for Debian Containers
Introduction: This is the third blog in our SBOM Generation and Vulnerability Monitoring series focusing on specific ecosystems. Today, we’ll explore the process of generating a Software Bill of Materials (SBOM) for Debian Linux-based containers and discuss the...
SBOM Generation and Vulnerability Monitoring for Debian
Introduction: Welcome back to our blog series on generating SBOMs and monitoring vulnerabilities for different ecosystems. In this second blog of the series, let’s explore how to generate an SBOM for the Debian Linux distribution and examine the significance of...
SBOM Generation and Vulnerability Monitoring for the Crates.io/Rust Ecosystem
Introduction: Welcome to our blog series on Software Bill of Materials (SBOM) generation tools for various ecosystems. In this post, we’ll explore the Rust ecosystem, specifically Cargo/Crates.io, and discuss the significance of SBOMs and Software Composition Analysis...
SBOM Generation and Vulnerability Monitoring for the Node.js Ecosystem
Introduction: In this article, we’ll dive into creating a Software Bill of Materials (SBOM) for the Node.js (npm) ecosystem and emphasize the critical role of Software Composition Analysis (SCA) in ensuring the security and reliability of Node.js applications. For the...
FreeRTOS SBOM Generation and CVE Scanning
Understanding the Importance of CVE Scanning with SBOMs: Scanning your open source software for CVEs (Common Vulnerabilities and Exposures) is a very important maintenance step for any software project. An Introduction to CVE Scanning and SBOMs: Generally, these...
Securing Your Software: Generating SBOMs from Linux Binaries and Scanning for CVEs Without Source Code
Why Scanning for CVEs is Essential in Open Source Software Maintenance: Scanning your open source software for CVEs (Common Vulnerabilities and Exposures) is a very important maintenance step for any software project. Generally, these CVEs are stored in publicly...
What SBOM Generation Tool is Best for Your Python Application?
When creating a Software Bill of Materials (SBOM) for your Python application, one of the best tools to use is Syft. Recommended Tool: Syft. Syft is a CLI tool and Go library for generating Software Bill of Materials (SBOM) from container images and filesystems....
Choosing the Right SBOM Tool: A Comparison of Top SBOM Generation Tools
Choosing the right SBOM generation tool for your needs can be a daunting and challenging task, given the wide array of options available and ecosystems to work within. A well-formed SBOM should: contain all the elements required for you to meet the NTIA “minimum...
Choosing the Right SBOM Generation Tool: Key Criteria for Evaluating SBOM Generation Tools
As you know, choosing the right SBOM generation tool plays a pivotal role in open source security, compliance, and project efficiency. The consequences of using an unsuitable tool can be severe, from incomplete or inaccurate information to missed security updates and...
Choosing the Right SBOM Generation Tool: Why is it a Critical Step in Open Source Security?
In today’s constantly evolving world of software development where the use of open source components has become the norm and vulnerability risks are a weekly hurdle, ensuring the security and compliance of your projects may seem like an impossible feat – but it is...