Generating an SBOM is the easy part.
Marc Herren leads a hands-on workshop at DevOpsDays Zรผrich 2026 on professional SBOM management and risk mitigation. Work with OWASP Dependency-Track and VEX to turn static SBOMs into a living security ecosystem.
The EU Cyber Resilience Act demands more than a scan. Learn how to deliver it.
https://www.devopsdays.ch/event/program/workshops/marc-herren/
Scale-out architecture for web-scale environments ๐
Because your containers don't wait for security scans โฑ๏ธ
https://anchore.com/platform/secure/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps
"Source code is to build artifacts as data sets are to AI models."
Kate Stewart (The Linux Foundation) explains why you can't trust your AI if you don't know what trained it.
Read why the "S" in SBOM is standing for System: https://anchore.com/blog/the-s-in-sbom-is-for-system/
FedRAMP compliance in weeks, not months โก
Ready-to-deploy policy packs for instant compliance feedback ๐
The EU #CRA means SBOMs are no longer optional.
โ
Generate #SBOM in machine-readable format
โ
Include top-level dependencies
โ
Keep updated throughout product lifecycle
โ
Be ready by December 2027
Get our complete compliance checklist:
Tired of the "it passed on my machine" friction? ๐ค Devs and Security can finally look at the exact same data. Anchore 5.25 aligns AnchoreCTL & our enterprise backend with the same underlying libraries for perfect consistency.
False positives killing your team's productivity? ๐ตโ๐ซ
Anchore Secure gives you signal, not noise ๐ก
https://anchore.com/platform/secure/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps
Anchore SBOM Score = CVSS + EPSS + KEV status ๐
Because not all vulnerabilities are created equal โ ๏ธ
https://anchore.com/platform/sbom/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps
DevOpsDays Zurich
anchore
Syft
Grype