Awesome! A substandard SBOM is better than none, and a highly detailed SBOM is better than that 🤓 then plugging it into something like dependency-management-data or guac to understand more about your software estate is a great next step. Making sure the runtime environment is safer is a great shout too - recently found out about OpenSSF's S2C2F which has some good stuff in there around reducing supply chain security risks too

This post was filed under replies.
