Hackernews posts about SBOMs

  1. Could lockfiles just be SBOMs? (nesbitt.io)
    77 points by zdw 15 days ago | 62 comments
  2. SBoM – treating dependencies like code, not artifacts (mz.attahri.com)
    2 points by mohamedattahri about 4 hours ago | 1 comments
  3. Nix State of the SBoM (arnout.engelen.eu)
    2 points by todsacerdoti 14 days ago | 1 comments
  4. Show HN: Enroll, a tool to reverse-engineer servers into Ansible config mgmt (enroll.sh)
    265 points by _mig5 7 days ago | 55 comments
  5. Yocto, RockPi and SBOMs: Building modern embedded Linux images (vpetersson.com)
    161 points by mvip 11 months ago | 123 comments
  6. SBOMs Remain, Attestations Out – Amendments to Executive Order 14144 (rearmhq.com)
    11 points by taleodor 7 months ago | discuss
  7. SBOMs for Medical Devices (2023) (danacrane.medium.com)
    4 points by mooreds 6 months ago | discuss
  8. Show HN: Xbom – Generate AI and SaaS-Aware SBOMs from Code Using Static Analysis (github.com)
    3 points by abhisek 7 months ago | discuss
  9. C SBOMs, and how pkgconf can solve this problem (ariadne.space)
    3 points by todsacerdoti 11 months ago | discuss
  10. Why Most SBOMs Fail and What to Do About It (ovalenzuela.com)
    2 points by Tomte 7 months ago | discuss
  11. Socket Joins TC54 to Help Shape the Future of SBOMs, CycloneDX, and PURL (socket.dev)
    2 points by feross 11 months ago | discuss
  12. Firmware SBoMs for open source projects (blogs.gnome.org)
    2 points by JNRowe about 1 year ago | discuss
  13. Show HN: Pre-alpha tool for analyzing spdx SBOMs generated by GitHub (github.com)
    2 points by mnahkies over 1 year ago | discuss
  14. Show HN: Hatch v1.16.0 – workspaces, dependency groups and SBOMs (hatch.pypa.io)
    1 points by ofek about 1 month ago | 1 comments
  15. Show HN: Manage SBOMs like source code (github.com)
    1 points by miraculixx over 1 year ago | 1 comments
  16. Show HN: Firmware GRC tool that generates OSCAL and SBOMs for 122 controls (www.usenabla.com)
    1 points by jdbohrman 4 months ago | discuss
  17. Beyond SBOMs: The Real Gaps in Software Supply Chain Transparency
    1 points by scanosss 5 months ago | discuss
  18. Using SBOMs to detect possible Dependency Confusion (protsenko.dev)
    1 points by protsenko 5 months ago | discuss
  19. Bringing Together SBOMs and Advisories (github.com)
    1 points by giamma 6 months ago | discuss
  20. Rust Will Explode, SBOMs Will Be Duds: Open-Source Predictions (thenewstack.io)
    1 points by gpi about 1 year ago | discuss
  21. Comprehensive Guide to Generating and Understanding SBOMs with Docker and Djang (sbomify.com)
    1 points by todsacerdoti over 1 year ago | discuss
  22. Using a Hardware Root of Trust to Generate Trustworthy SBOMs (edgebit.io)
    1 points by robszumski almost 2 years ago | discuss
  23. Show HN: CLI that spots fake GitHub stars, risky dependencies and licence traps (github.com)
    122 points by artski 8 months ago | 72 comments
  24. Show HN: SecureBuild – Zero-CVE Images That Pay OSS Projects (securebuild.com)
    40 points by grantlmiller 7 months ago | 17 comments
  25. Show HN: I'm building a simple way to package, collaborate, and deploy ML models (kitops.ml)
    9 points by jesserwilliams almost 2 years ago | discuss
  26. Show HN: GemGuard: Ruby gem to scan and auto-fix vulnerable dependencies (github.com)
    3 points by wilburhimself 5 months ago | discuss
  27. Scanoss GitHub Actions Adds Dependency Track Integration
    2 points by scanosss 4 months ago | discuss
  28. Show HN: GemGuard: Ruby gem to scan and auto-fix vulnerable dependencies (github.com)
    2 points by wilburhimself 5 months ago | discuss
  29. Opentemplate – FOSS Python template –> ease, security, SOTA tooling (github.com)
    2 points by opennudge 7 months ago | discuss
  30. Show HN: SCANOSS Now Scans Container Images
    2 points by scanosss 7 months ago | discuss
  31. Show HN: Open-Source Security Monitoring with AI and License Compliance
    1 points by daudmalik06 about 1 year ago | 1 comments
  32. Scanoss Workbench v1.19.0 – new import/export options, viewer mode, SPDX Lite
    1 points by scanosss 4 months ago | discuss
  33. Show HN: Parent Docker Image Transparency And Daily Pull Request Compliance (github.com)
    1 points by kcrane3576 about 1 year ago | discuss
  34. New Python Packaging Proposal Aims to Solve Phantom Dependency Problem With (socket.dev)
    2 points by feross about 1 year ago | discuss