NetRise Provenance wants to track who writes your open source code after XZ backdoor scare

https://fed.brid.gy/r/https://nerds.xyz/2026/03/netrise-provenance-open-source-risk/

"SBOMs are not a cure-all... They're effective at managing known vulnerabilities. They don't necessarily extend to detecting unforeseen threats." — Russ Eling

Don't confuse a compliance artifact with a security strategy.

Here is how to bridge the gap: https://anchore.com/blog/sbom-sprawl-paradox/

#SBOM #Compliance

Join the Anchore Open Source team this Thursday at 12 PM PT for our live stream! We'll cover issues, PRs, & roadmap. https://www.youtube.com/watch?v=NerKh_Pv2Gc #SBOM #Vulnerability

Generating an SBOM is the easy part.

Marc Herren leads a hands-on workshop at DevOpsDays Zürich 2026 on professional SBOM management and risk mitigation. Work with OWASP Dependency-Track and VEX to turn static SBOMs into a living security ecosystem.

The EU Cyber Resilience Act demands more than a scan. Learn how to deliver it.

https://www.devopsdays.ch/event/program/workshops/marc-herren/

#DevOpsDays #DevOps #SBOM #SupplyChainSecurity

Scale-out architecture for web-scale environments 📈

Because your containers don't wait for security scans ⏱️

https://anchore.com/platform/secure/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

"Source code is to build artifacts as data sets are to AI models."

Kate Stewart (The Linux Foundation) explains why you can't trust your AI if you don't know what trained it.

Read why the "S" in SBOM stands for System: https://anchore.com/blog/the-s-in-sbom-is-for-system/

#SoftwareSupplyChain #SBOM

FedRAMP compliance in weeks, not months ⚡

Ready-to-deploy policy packs for instant compliance feedback 📋

https://anchore.com/platform/enforce/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance

The EU #CRA means SBOMs are no longer optional.

✅ Generate #SBOM in machine-readable format
✅ Include top-level dependencies
✅ Keep updated throughout product lifecycle
✅ Be ready by December 2027

Get our complete compliance checklist:

🔗 https://anchore.com/sbom/eu-cra/

Missed our Open Source stream? Catch the recording to hear about the latest Syft, Grype, and roadmap updates! https://www.youtube.com/watch?v=O5ewVqmClYo #SBOM #VulnerabilityScanning