Tweets
CycloneDX SBOM Spec
@CycloneDX_Spec
8 Jan
CycloneDX Maven Plugin v1.6.0 now available.
This version, by default, will now automatically install or deploy the #SBOM to your Maven repository.
When components are released, the corresponding SBOM is released as well. Thanks to @mfriedenhagen for the pull request.
CycloneDX SBOM Spec
@CycloneDX_Spec
4 Jan
CycloneDX for Node.js v1.1.0 released.
This release is mainly quality-based although it contains some XML refactoring which did eliminate a few defects.
CycloneDX SBOM Spec Retweeted
Steve Springett
@stevespringett
3 Jan
I’m working on a #CycloneDX schema extension that would provide the ability to document external services in an #SBOM.
This is a capability I’ve needed for a long time.
Anyone interested in this concept is invited to provide feedback and guidance.
github.com/CycloneDX/spec…
CycloneDX SBOM Spec Retweeted
Steve Springett
@stevespringett
31 Dec
Looking to improve #SoftwareSupplyChain security in 2020? Consider #SBOM.
As @allanfriedman points out, it “will be one of THE big cybersecurity issues of 2020”.
Also, thread for acknowledging contributors helping to educate and deliver SBOM info and tools.
Let’s do this twitter.com/allanfriedman/…
CycloneDX SBOM Spec Retweeted
Steve Springett
@stevespringett
19 Dec
If you’re into #SoftwareSupplyChain and want to join a #hackathon where you’re using comply-to-connect to retrieve #CycloneDX or #SPDX SBOMs and real-time analysis, this could be a lot of fun.
Info:
github.com/oasis-tcs/open…
#SBOM Details:
github.com/oasis-tcs/open…
#HappyHacking twitter.com/MdMisi/status/…
CycloneDX SBOM Spec
@CycloneDX_Spec
9 Dec
Listen to @allanfriedman talk about the importance of Software Bill-of-Materials (and Twinkies).
Then discover how CycloneDX, an opensource SBOM format, can help.
cyclonedx.org
#SoftwareSupplyChain #SBOM #opensource #CycloneDX twitter.com/securityweekly…
CycloneDX SBOM Spec
@CycloneDX_Spec
5 Dec
CycloneDX for PHP Composer v1.0.0 is now available from #packagist.
Special thanks to @nscur0 for making this release possible.
This release creates CycloneDX #SBOM from PHP Composer projects. Supports PHP v5.5 and higher (including v7).
packagist.org/packages/cyclo…
CycloneDX SBOM Spec
@CycloneDX_Spec
20 Nov
#Erlang and #ElixirLang community rejoice. @voltonez has created two CycloneDX build tools that create Software Bill-of-Materials from existing projects.
Mix Task:
hex.pm/packages/sbom
Rebar3:
hex.pm/packages/rebar…
#SBOM #SoftwareSupplyChain #SCRM
CycloneDX SBOM Spec
@CycloneDX_Spec
20 Nov
An initial version of CycloneDX for #PHP Composer has been published to #Packagist
packagist.org/packages/cyclo…
Special thanks to @nscur0 for contributing all the code to make this possible. Feedback encouraged prior to release.
#SBOM #SoftwareSupplyChain #SCRM
CycloneDX SBOM Spec
@CycloneDX_Spec
20 Nov
CycloneDX SBOM Spec
@CycloneDX_Spec
14 Nov
CycloneDX for .NET Core v0.9.0 has been released. This version corrects many code quality issues and is highly recommended. Special thanks to @coderPatros for the massive pull request.
nuget.org/packages/Cyclo…
#SBOM
CycloneDX SBOM Spec Retweeted
Allan Friedman will be missing Shmoo this year
@allanfriedman
12 Nov
It’s time to move forward on making #SBOM a reality. Thanks to all of you who came together and established a common vision of SW transparency and how we can better defend ourselves. Check out the docs, and join in for next steps! twitter.com/NTIAgov/status…
CycloneDX SBOM Spec
@CycloneDX_Spec
27 Oct
Our CI builds have moved from travis-ci to GitHub Actions.
Build status badges have been updated to reflect this change. We’ve been testing for months, and now have seamless CI integration with GitHub.
core-java
.net
gradle
maven
node
python
ruby-gem
rust-cargo
specification
CycloneDX SBOM Spec
@CycloneDX_Spec
24 Oct
Thanks to Bram for creating an Elixir task for generating CycloneDX BOMs. If you develop in Elixir/Erlang, take a look at this project and the value that software bill-of-materials provide.
#Erlang #elixirlang #SBOM twitter.com/voltonez/statu…
CycloneDX SBOM Spec
@CycloneDX_Spec
12 Oct
We’ve had many requests for CocoaPods, Go, and PHP Composer implementations. If you’re interested in SBOMs and are an OSS developer, the community could certainly benefit from code contributions.
github.com/CycloneDX
#sbom #cocoapods #objectivec #php #golang #opensource
CycloneDX SBOM Spec
@CycloneDX_Spec
21 Sep
CycloneDX Vulnerability Extension v1.0 is now available. With this optional schema extension, it’s now possible to specify vulnerabilities for components inside an #SBOM.
Thanks to @Sonatype for the contribution.
Details and examples here: cyclonedx.org/ext/vulnerabil…
CycloneDX SBOM Spec
@CycloneDX_Spec
18 Sep
Just Released: CycloneDX .NET Core v0.5 now includes extended support for processing packages.config. Thanks to a community member for the pull request!
nuget.org/packages/Cyclo…
CycloneDX SBOM Spec
@CycloneDX_Spec
14 Sep
Dependency Graph v1.0 schema extension has been released. This optional schema extends a BOM’s capabilities by allowing the author to specify component dependencies within the BOM.
cyclonedx.org/ext/dependency…
#SBOM
CycloneDX SBOM Spec
@CycloneDX_Spec
10 Sep
CycloneDX encourages the development of extension schemes to support additional use cases. One such example is a #vulnerability schema that would allow known vulns to be documented for each component or the asset/app the #SBOM describes.
Feedback:
github.com/CycloneDX/spec…
CycloneDX SBOM Spec Retweeted
Steve Springett
@stevespringett
5 Sep
An SCA vendor is contributing a vulnerability schema extension that would lay on top of a @CycloneDX_Spec #SBOM.
If you have interest in this area, please check out the pull request, discussion, and contribute to making the extension useful for all.
github.com/CycloneDX/spec…