Codenotary has extended the reach of its platform for automatically generating software bills of materials (SBOMs) to serverless computing platforms running software constructed using functions. Codenotary CTO Dennis Zimmer said that because serverless apps are dynamically created, it’s not possible to generate SBOMs using traditional approaches. The TrueSBOM platform makes it possible to create an SBOM […]
Rezilion Adds Windows Support to Dynamic SBOM Tool
Rezilion has added support for Windows applications to its tool for dynamically generating software bills of materials (SBOMs). Rezilion CEO Liran Tancman said that, in addition to existing support for Linux applications, it’s now possible to analyze all the components that make up a Windows application runtime environment in real time. That capability also makes it possible […]
Tanium Uses SBOMs to Automate Vulnerability Remediation
Tanium this week added the ability to detect libraries and software packages with known vulnerabilities within a software bill of materials (SBOM) manifest that can then be used to automate remediation of endpoints running vulnerable code. Pete Constantine, senior vice president of product management for Tanium, said the Tanium Software Bill of Materials (SBOM) module […]
GitBOM Tool Automatically Identifies Software Artifact Components
An open source GitBOM tool, discussed at the Open Source Summit Europe conference this week, can automatically track every source code file incorporated into each built artifact. Nell Shamrell-Harrington, a principal software engineer for Microsoft, told conference attendees via a video link that the GitBOM tool, based on a compact Artifact Dependency Graph (ADG) technology, […]
DevOps Connect: DevSecOps — Building a Modern Cybersecurity Practice
Malicious actors are constantly looking for new ways to gain access to sensitive data and corrupt systems. As software supply chain attacks are on the rise, security has become a top priority and a growing area in the regulatory and standards landscape. DevOps teams need to approach security as an ongoing part of the software […]





