Codenotary released TrueSBOM for Serverless Apps which is an easy to integrate solution to create SBOM and track dependencies for your serverless functions running on AWS Lambda, Google Cloud Functions and Microsoft Azure. SBOM – what is it? Why do you need SBOM (short for software bill of materials) in first place? There is prevalence …
“Most if not all of the hacker attacks on well-known companies in recent years didn’t come about because of weak perimeter defense. Indeed, perimeter defense has proven to be remarkably good. But nowadays, most attacks happen because of big gaps in the security of the development supply chain. In other words, vulnerabilities and malware enter …
Your Application Development Organization Inadvertently Leaves Door Open for Hackers Read More »
The global software supply chain is complex and full of risk. The average software package has over 40 dependencies, which can be easily forgotten or inadvertently introduced during integration. It is important to maintain visibility into these hidden dependencies by using an SBOM (Software Bill of Materials) to understand what you are installing on your …
When hidden Java packages put your company at risk Read More »
As a concept, the Software Bill of Materials (SBOM) isn’t particularly complex: it’s a manifest that identifies the components that make up a particular software artifact. When we start looking at the practical implementation of SBOMs, however, a lot of complexity is suddenly introduced into the equation. You might be wondering what actually goes into …
A software bill of materials (SBOM) is a list of ingredients that make up software components. Therefore, it’s sometimes called a software ingredient list. Although the definition of SBOM seems simple, in practice, it’s used in a much broader context. You would use an SBOM to catalog what your project needs in order to complete …
WHAT IS AN SBOM BILL OF MATERIALS AND WHAT DOES IT DO? Read More »
While it’s great for application developers to write applications in a language that runs seamlessly on many different operating systems, there is a downside to the application’s intention. Ransomware has damaged many companies, causing downtime, money, and sleepless nights. Looking into some statistics you can find damage predictions of $265 billion by 2031. Writing Ransomware …
Rust-based Ransomware can hit anywhere including Windows, Linux and VMware ESXi Read More »
Supply chain attacks are on the rise. Why are they so attractive to cybercriminals? The reason is simple. Most of the industry is not yet ready to efficiently defend against them and once successfully deployed the chances of having a big impact are high. Tampering with the software supply chain of SolarWinds affected 18,000 customers. …
Last weekend the Open Source world was shaken up a bit when a developer maintaining the highly popular libraries faker.js and colors.js sabotaged both projects by breaking their function. The supply-chain dangers from underlying open-source projects were highlighted many times in 2021, the year that ended with the Log4j disaster. But as the new year …
Detect unwanted dependencies in your software like versions of faker.js or colors.js Read More »
On December 10th 2021 the news about a discovered vulnerability in the highly popular Log4j project has shaken up the IT world (and beyond). The vulnerability is tracked as CVE-2021-44228 and allows the unauthenticated, remote code execution on any application that uses Log4j version 2.0-beta9 up to 2.14.1. This bug scores 10 out of 10, …
Apache Log4j vulnerability shows the importance of SBOMs Read More »
Our software prevents and mitigates damage from harmful components in your DevOps environment.
Please let us know where we can send the whitepaper on Codenotary Trusted Software Supply Chain.
Please enter contact information to receive an email with the free trial details.
