Posts
jbom, an open source project hosted by the Eclipse Foundation generates SBOMs from any Java project. Why is that useful?
Supply chain security is all the rage right now. We've taken a look at the implications as well as the ways of mitigation according the Linux Foundation's answer to supply chain attacks:
To build useful software we don't reinvent the wheel but we base on work already done coming bundled in the form of libraries. The problem is that even a mediocre open source project can have loads of such dependencies which themselves depend on others , forming a lengthy chain. Not a problem per se unless malicious code or security vulnerability finds its way anywhere in this chain.
full article on i-programmer:
https://www.i-programmer.info/news/80-java/16086-jbom-dependency-analysis-for-java-apps.html
Comments