I have investigated a bunch of standardized formats - SPDX, CycloneDX, etc. All of them are unsuitable for a variety of reasons, chief of which are being way too verbose and including timestamps, which would break reproducible builds.
syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems
The data format is supported by cargo audit, Syft and Trivy. Reading it from your own tools is also very easy.
trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
The moment you stray from the well-trodden path, you run into behavioral differences between linkers, or compiler bugs, or straight up mysterious issues.