SBOMs - Aqua
https://www.aquasec.com/tag/sboms/
Cloud Native Security, Container Security & Serverless Security
Mon, 15 Jul 2024 09:36:37 +0000

What To Know: A Summary of the Compliance Guide to SSDF
https://www.aquasec.com/blog/summary-compliance-guide-to-ssdf/
Tue, 24 Jan 2023 11:00:00 +0000
NIST has recently researched, defined, and released an entirely new standard for incorporating security into the software development lifecycle called The Secure Software Development Framework. It was uniquely designed to help address the tremendous gaps in software supply chain security that expose organizations to methodical attacks on an organization’s code, infrastructure, development toolchain, and dependencies. …

Should You Use SLSA or CIS Software Supply Chain Security Guidelines?
https://www.aquasec.com/blog/slsa-or-cis-software-supply-chain-security-guidelines/
Thu, 12 Jan 2023 13:43:14 +0000
With recent software supply chain attacks on the rise, CISOs being held personally liable, and the United States government requiring minimum security software standards for any products and services they procure, the development industry is refocusing on software development strategies that make security a priority. But with so many reputable sources creating guidance, which is …

Achieve Software Supply Chain Compliance with US Executive Order 14028
https://www.aquasec.com/blog/achieve-software-supply-chain-compliance-with-us-executive-order-14028/
Tue, 06 Dec 2022 11:00:00 +0000
Thanks to many factors like the rise of the cloud infrastructure, the abundance of prebuilt open-source code, and process improvements in DevOps, innovating with software is happening faster than ever. The software supply chain is the assembly line for these technological innovations and can be thought of as any combination of code, tools, and processes …

Find the New OpenSSL Vulnerabilities with Trivy
https://www.aquasec.com/blog/find-new-openssl-vulnerabilities-with-trivy/
Tue, 01 Nov 2022 18:21:44 +0000
Today, OpenSSL announced two new CVEs and mitigation recommendations. This blog provides guidance as to how you can identify the OpenSSL vulnerability using Trivy. To both identify and mitigate the vulnerability, see this blog post Updated Security Advisory: New OpenSSL Vulnerabilities about mitigation with assurance policies in Aqua’s software supply chain solution. Package installed via …

Gartner Report for SBOMs: Key Takeaways You Should Know
https://www.aquasec.com/blog/gartner-report-sbom-security/
Mon, 02 May 2022 09:30:00 +0000
In its recent Innovation Insight for SBOMs report,* Gartner highlights the benefits of using software bills of materials (SBOMs) to secure modern, fast-paced DevOps pipelines. SBOMs shed light on blind spots in the software supply chain by enumerating all proprietary and open source components and enable the effective mitigation of risks. Without this visibility, organizations’ …

Software Supply Chain Security with Trivy: Generating SBOMs
https://www.aquasec.com/blog/software-supply-chain-security-trivy-sbom/
Thu, 14 Apr 2022 09:30:00 +0000
Trivy is an easy-to-use, comprehensive open source scanner that helps developers gain visibility into the software components used in their applications. With the growing awareness about supply chain security, software bills of materials (SBOMs) have become the standard for creating software inventory lists. To simplify this process, Trivy recently added support for generating SBOMs as …