Aqua Blog

SBOMs

What To Know: A Summary of the Compliance Guide to SSDF

What To Know: A Summary of the Compliance Guide to SSDF

NIST has recently researched, defined, and released an entirely new standard for incorporating security into the software development lifecycle called The Secure Software Development Framework.  It was uniquely designed to help address the tremendous gaps in software supply chain security that expose organizations to …

Continue reading ›
Should You Use SLSA or CIS Software Supply Chain Security Guidelines?

Should You Use SLSA or CIS Software Supply Chain Security Guidelines?

With recent software supply chain attacks on the rise, CISOs being held personally liable, and the United States government requiring minimum security software standards for any products and services they procure, the development industry is refocusing on software development strategies that make security a priority. …

Continue reading ›
Achieve Software Supply Chain Compliance with US Executive Order 14028

Achieve Software Supply Chain Compliance with US Executive Order 14028

Thanks to many factors like the rise of the cloud infrastructure, the abundance of prebuilt open-source code, and process improvements in DevOps, innovating with software is happening faster than ever. The software supply chain is the assembly line for these technological innovations and can be thought of as any …

Continue reading ›
Find the New OpenSSL Vulnerabilities with Trivy

Find the New OpenSSL Vulnerabilities with Trivy

Today, OpenSSL announced two new CVEs and mitigation recommendations. This blog provides guidance as to how you can identify the Open SSL vulnerability using Trivy. To both identify and mitigate the vulnerability, see this blog post Updated Security Advisory: New OpenSSL Vulnerabilities about mitigation with assurance …

Continue reading ›
Gartner Report for SBOMs: Key Takeaways You Should Know

Gartner Report for SBOMs: Key Takeaways You Should Know

In its recent Innovation Insight for SBOMs report,* Gartner highlights the benefits of using software bills of materials (SBOMs) to secure modern, fast-paced DevOps pipelines. SBOMs shed light on blind spots in the software supply chain by enumerating all proprietary and open source components and enable the effective …

Continue reading ›
Software Supply Chain Security with Trivy: Generating SBOMs

Software Supply Chain Security with Trivy: Generating SBOMs

Trivy is an easy-to-use, comprehensive open source scanner that helps developers gain visibility into the software components used in their applications. With the growing awareness about supply chain security, software bills of materials (SBOMs) have become the standard for creating software inventory lists. To …

Continue reading ›