In a talk at QCon London 2026, Viktor Petersson argued that software teams are running out of time to adopt SBOMs (Software Bills of Materials) due to pending legislative changes in both the US and ...
./uzomuzo scan pkg:npm/inflight@1.0.6 — inflight has 556K dependents, yet its repository is archived and npm has deprecated it. uzomuzo detects this as EOL-Confirmed in seconds. Standard SCA tools ...
As of 2023, Anchore Engine is no longer maintained. There will be no future versions released. Users are advised to use Syft and Grype. For users interested in a supported commercial solution for ...
Tobar, D., Jamieson, J., Priest, M., and Fricke, J., 2025: 7 Recommendations to Improve SBOM Quality. Software Engineering Institute blog, Accessed June 26, 2026 ...
Learn the 5 best practices for container security and how SBOMs play a pivotal role in securing your software supply chain. Before diving into the tools, let’s understand why generating an SBOM for ...
Syft is an open source CLI tool and Go library that generates a Software Bill of Materials (SBOM) from source code, container images and packaged binaries. It is a foundational building block for ...
To really secure software, you need to know what’s inside its code. That’s why a software bill of materials (SBOM) is essential today. It used to be that we didn’t worry that much about our code’s ...