@malwarejake replying only to add some hopefully relevant hashtags that capture more eyeballs: #SBOM #SPDX #CycloneDX
SBOMs for everyone! You get an SBOM, and you get an SBOM ...
https://www.darkreading.com/dr-tech/ibm-contributes-supply-chain-security-tools-to-owasp
If you're looking for an SCA and/or DAST tool that doesn't break the bank, check out SOOS, it's pretty rad and has super simple pricing: https://soos.io/
#sca #SBOM #SBOMs #dast #cyclonedx
I'm pleased to announce that Philippe Ombredanne has joined the #CycloneDX Industry Working Group. Philippe is the CTO of nexB, a company specializing in open source compliance. He is the creator of Package URL (purl) which is now supported by most SCA vendors.
Purl is vitally important to the appsec & infosec industry. Philippe is the co-founder of SPDX and his company maintains the largest open database of licenses. He is very active in open source and frequently speaks at FOSDEM.
Looking forward to working with you Philippe.
Also, shout out to our entire Industry Working Group. Your guidance and feedback this year have been invaluable.
https://cyclonedx.org/about/working-groups/#industry-working-group
Early Black Friday deal: #cdxgen (#CycloneDX Generator) 5.0.1 is out now with #SBoM support for:
- docker/OCI images with OS packages (Powered by #Trivy)
- Rust binary (Powered by Cargo Auditable)
#cdxgen #cyclonedx #SBOM #trivy
@int0x33 also check out #CycloneDX from #OWASP. #CycloneDX is an #SBOM standard of choice for many large companies and the open source community. CycloneDX supports numerous use cases (including non-software Bill of Materials) and VEX (Vulnerability eXploitability Exchange).
Dropwizard Metrics 4.2.10 has been released with a few dependency updates and improvements.
With this release, we are publishing #SBOM|s (via #CycloneDX) for each module.
Release notes: https://github.com/dropwizard/metrics/releases/tag/v4.2.10
Discussion: https://github.com/dropwizard/metrics/discussions/2681
Dropwizard 2.0.30 has been released with a few dependency updates.
Starting with this release, we are publishing #SBOM|s (via #CycloneDX) for each module.
Release notes: https://github.com/dropwizard/dropwizard/releases/tag/v2.0.30
Discussion: https://github.com/dropwizard/dropwizard/discussions/5418
Dropwizard Metrics 4.1.32 has been released with a few dependency updates.
Starting with this release, we are publishing #SBOM|s (via #CycloneDX) for each module.
Release notes: https://github.com/dropwizard/metrics/releases/tag/v4.1.32
Discussion: https://github.com/dropwizard/metrics/discussions/2659