Security Tip: Implement an SBOM workflow. 🛡️

An SBOM is like an ingredient list for your code. In the event of a zero-day or a new supply chain vulnerability, an SBOM allows your security team to quickly identify affected assets without manual code audits.

Tools like Syft or CycloneDX can automate this process in your CI/CD pipeline.

Stay updated on the latest vulnerabilities: https://cvedatabase.com

#InfoSec #SBOM #SupplyChainSecurity #DevSecOps

CVEDatabase.com - Search & Analyze CVE Vulnerabilities

Search and analyze CVE vulnerabilities with instant access to CVSS scores, affected products, and AI-powered remediation guidance.


FedRAMP compliance in weeks, not months ⚡

Ready-to-deploy policy packs for instant compliance feedback 📋

https://anchore.com/platform/enforce/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance

Remember the panic of Log4Shell? Security teams spent days hunting for every instance of the vulnerability. But what if you could know where every instance was in just five minutes?

➡️ Go from reactive chaos to proactive precision with SBOMs. Watch the webinar to see how: https://go.anchore.com/rapid-incident-response-with-sboms/ #SBOM #Security #AppSec #IncidentResponse

Missed our Open Source stream? Catch the recording to hear about the latest Syft, Grype, and roadmap updates! https://www.youtube.com/watch?v=5jT7yhBi5CM #SBOM #VulnerabilityScanning
Syft users! 📣 We want to hear from YOU! Take our quick 5-question survey to help shape the future of Syft. Your feedback is invaluable! 👉 https://forms.gle/VJZ7idKZgchminYD7
#Syft #SBOM #OpenSource
Jump, jump, jump around with more than 3500 Github stars ... We did it and EMBA reached the next milestone. Thank you all for using/starring and supporting EMBA. Keep on going and build your own #SBOM and make #firmware and #IoT more #secure with EMBA https://github.com/e-m-b-a/emba
SBOM Generation for Container Workflows | Docker

Learn when, where, and how to generate SBOMs for container images. Covers build-time vs. post-build approaches, quality criteria, and CI/CD integration.


A hijacked building block: the Polyfill incident on this blog

A third-party script on this blog had turned into a phishing trap. What happened, what you need to know, and how I shut it down.
https://ingo.lantschner.name/post/2026-06-25_polyfill-supply-chain/

#Sicherheit #SupplyChain #Polyfill #CSP #SBOM #Hugo #Selfhosting #Phishing #KaTeX #Webentwicklung


What does one do with all the #SBOM JSONs that fall out of the #Harbor container image scanner?

I tried to use them via Loki in Grafana, but that fails because of the arrays, and otherwise I wouldn't know where to put them.

I'd at least need to be able to search them more sensibly.

Something like: throw in a package name, get the version and image name out.

Sure, that works with grep in Bash, but I can't hand that to anyone from management...
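The "ingredient list" use case from the first tip (which images ship a vulnerable package?) and the question above (throw in a package name, get version and image name out) are the same query over SBOM documents. Below is an added example, written for this page and not taken from any of the posts, Harbor, Syft or any other project: it parses SBOM JSON in either CycloneDX or SPDX form, builds an inverted index from package name to (version, image), and answers both questions. The two SBOMs embedded in it are constructed samples with made-up image names; it assumes one JSON document per image, with the image name in CycloneDX `metadata.component.name` or in the SPDX document `name`, as Syft-style generators emit.

```python
"""Index SBOM JSON documents and answer "which image ships package X?" queries.

Added example for this page; not scanner code. Sample SBOMs are constructed.
"""
import json
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample: a CycloneDX SBOM for a (made-up) image A.
CYCLONEDX_SAMPLE = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"type": "container",
                               "name": "registry.example/app-api:1.4.2"}},
    "components": [
        {"type": "library", "name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        {"type": "library", "name": "openssl", "version": "3.0.13",
         "purl": "pkg:deb/debian/openssl@3.0.13"},
    ],
})

# Constructed sample: an SPDX 2.3 SBOM for a (made-up) image B. Syft-style
# generators also list the image itself as a package, so we include one.
SPDX_SAMPLE = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "name": "registry.example/batch-worker:0.9.0",
    "packages": [
        {"name": "log4j-core", "versionInfo": "2.17.1", "SPDXID": "SPDXRef-1"},
        {"name": "openssl", "versionInfo": "3.0.13", "SPDXID": "SPDXRef-2"},
        {"name": "registry.example/batch-worker:0.9.0", "versionInfo": "",
         "SPDXID": "SPDXRef-image"},
    ],
})

Component = Tuple[str, str, str]  # (package name, version, image name)
Index = Dict[str, List[Tuple[str, str]]]  # package name -> [(version, image)]


def parse_sbom(text: str) -> List[Component]:
    """Flatten one SBOM document into (name, version, image) triples."""
    doc = json.loads(text)
    if doc.get("bomFormat") == "CycloneDX":
        image = doc.get("metadata", {}).get("component", {}).get("name", "<unknown image>")
        return [(c["name"], c.get("version", ""), image)
                for c in doc.get("components", [])]
    if "spdxVersion" in doc:
        image = doc.get("name", "<unknown image>")
        # Skip the document-level package that describes the image itself.
        return [(p["name"], p.get("versionInfo", ""), image)
                for p in doc.get("packages", []) if p["name"] != image]
    raise ValueError("unrecognised SBOM format (expected CycloneDX or SPDX JSON)")


def build_index(sbom_texts: List[str]) -> Index:
    """Inverted index: lower-cased package name -> list of (version, image)."""
    index: Index = defaultdict(list)
    for text in sbom_texts:
        for name, version, image in parse_sbom(text):
            index[name.lower()].append((version, image))
    return index


def find_package(index: Index, name: str) -> List[Tuple[str, str]]:
    """The question from the post: package name in, (version, image) pairs out."""
    return sorted(index.get(name.lower(), []))


def affected_images(index: Index, name: str, vulnerable_versions: List[str]) -> List[str]:
    """Incident-response view: which images carry one of the known-bad versions?"""
    bad = set(vulnerable_versions)
    return sorted({image for version, image in index.get(name.lower(), [])
                   if version in bad})


if __name__ == "__main__":
    idx = build_index([CYCLONEDX_SAMPLE, SPDX_SAMPLE])
    for version, image in find_package(idx, "log4j-core"):
        print(f"log4j-core {version}  in  {image}")
    print("affected by constructed bad versions:",
          affected_images(idx, "log4j-core", ["2.14.1", "2.15.0"]))
```

To use it on real scanner output, replace the two embedded samples with the contents of the exported SBOM files (for example `build_index([open(p).read() for p in paths])`); the lookup is exact-version matching on purpose, since version-range comparison differs per ecosystem and is better left to a vulnerability scanner such as Grype, which reads these same SBOMs.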