ToddySM
Addressing the Current Challenges of Patching Container Vulnerabilities
While working on a process of improving the container secure supply chain, I often need to go over the current challenges of patching…
7 min read · Aug 23, 2022

Dana Crane
How Software Bill Of Materials (SBOMs) Support Secure Development
A Software Bill Of Materials, or SBOM, is a list of all the “ingredients” required to build and run your software application, along with…
4 min read · Jul 29, 2022

Ravi Soni
CycloneDX SBOM (Software Bill of Materials) Generation with Maven Build
Nowadays, securing the software supply chain is a very important aspect of the software development and delivery ecosystem.
4 min read · Jul 14, 2022

Albert Ngo
Getting Set Up Quickly with Dependency-Track Using Azure Container Instances
If you want to set up Dependency-Track in Azure, there currently exist a few options (at the time of writing this article, using the Azure…
3 min read · Mar 15, 2022

Taylor Armerding
Census II: Another Tool for Securing the Software Supply Chain
A software bill of materials can help improve your security. The new Census II can help improve it even more.
7 min read · Mar 7, 2022

JIN
Software Supply Chain Attack and 6 Steps to Protect Your Software Supply Chain
Term: Software Supply Chain Attacks, Malicious Code or Components into a Trusted Piece of Software or Hardware
8 min read · Mar 6, 2022

Dana Crane
The Python 2 Threat in Your Supply Chain Is Real
At ActiveState, we often run into organizations that still have older versions of programming languages deployed in non-production…
5 min read · Feb 11, 2022

ToddySM
Signatures, Key Management, and Trust in Software Supply Chains, Part 2: Exploiting Signatures
In Part 1 of the series Signatures, Key Management, and Trust in Software Supply Chains, I wrote about the basic concepts of identities…
9 min read · Feb 8, 2022

ToddySM
Signatures, Key Management, and Trust in Software Supply Chains, Part 1: Identities, Signatures…
For the past few months, I’ve been working on a project for a secure software supply chain, and one topic that seems to always start…
13 min read · Jan 10, 2022