Dependency Management Data is now a lot easier to work with when using Software Bill of Materials (3 mins read).
Announcing an improved model for interacting with SBOMs, removing the need to understand the Repo Key up-front.
Quantifying your reliance on Open Source software (State of Open Con version) (20 mins read).
A writeup of my talk about the dependency-management-data project at the State of Open Con 2024 conference.
Using renovate-to-sbom with the GitHub Dependency Submission API (4 mins read).
How to improve the data in GitHub's Dependency Graph by using an SBOM produced from Renovate data.
Hey, do you know about supply chain security? ... You mean SBOMs?
Introducing snyk-export-sbom to export SPDX and CycloneDX SBOMs from Snyk (2 mins read).
Creating a new command-line tool for more easily retrieving Software Bill of Materials (SBOMs) from Snyk, as well as adding licensing information to SBOMs.
Using dependency-management-data with npm's SPDX and CycloneDX SBOM export functionality (1 min read).
How to get started with npm's SBOM export functionality with dependency-management-data.
Introducing renovate-to-sbom to convert Renovate data to Software Bill of Materials (SBOMs) (1 min read).
Creating a new command-line tool for converting Renovate data exports to Software Bill of Materials (SBOMs).
Plea to Software Composition Analysis (SCA) providers and Software Bill of Materials (SBOMs) producers: give us more data! (2 mins read).
Why I think dependency scanning tooling should be providing as much data as possible about scanned projects, to allow other tooling to make better inferences about the data.
New cookbook on the #DependencyManagementData documentation site: Getting Started with SBOM data
What is curl? curl is an open source command line tool and embeddable library for transferring data over a network.
This blog post will explore why sharing SBOMs is vital for software transparency and discuss how to generate SBOMs using sbom.sh efficiently.
Using dependency-management-data with GitLab's Pipeline-specific CycloneDX SBOM exports (1 min read).
How to take advantage of SBOM export functionality in GitLab 16.4 with dependency-management-data.
dependency-management-data now supports Software Bill of Materials (SBOMs) and has better Dependabot support (2 mins read).
Announcing improved support for Dependabot and support for Software Bill of Materials (SBOMs).
Prefer using the GitHub Software Bill of Materials (SBOMs) API over the Dependency Graph GraphQL API (2 mins read).
Why you should use GitHub's Software Bill of Materials API instead of the Dependency Graph GraphQL API.
Everything you need to know about securing the software supply chain.
An SBOM is an inventory of all of the software components you use in your applications, made up of third-party open source libraries, vendor-provided packages, and first-party artifacts.