33 matches found
Poking around in the Dark: Why a Shared Understanding of Components Matters
By listing the components included in an application, Software Bills of Materials SBOMs are intended to support the timely identification of vulnerable components and ensure the security of the software supply chain. However, we question the underlying assumption that there is agreement on the...
Towards Predicting Multi-Vulnerability Attack Chains in Software Supply Chains from Software Bill of Materials Graphs
Software supply chain security compromises often stem from cascaded interactions of vulnerabilities, for example, between multiple vulnerable components. Yet, Software Bill of Materials SBOM-based pipelines for security analysis typically treat scanner findings as independent per-CVE Common...
spdx-sboms
No d...
aicerberus
AICerberus 🐺 AI supply chain security scanner — one comma...
Uncovering Hidden Inclusions of Vulnerable Dependencies in Real-World Java Projects
Open-source software OSS dependencies are a dominant component of modern software code bases. Using proven and well-tested OSS components lets developers reduce development time and cost while improving quality. However, heavy reliance on open-source software also introduces significant security...
CVE-2024-39909
KubeClarity is a tool for detection and management of Software Bill Of Materials SBOM and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID. As it can be seen in...
A Practical Solution to Systematically Monitor Inconsistencies in SBOM-Based Vulnerability Scanners
Software Bill of Materials SBOM provides new opportunities for automated vulnerability identification in software products. While the industry is adopting SBOM-based Vulnerability Scanning SVS to identify vulnerabilities, we increasingly observe inconsistencies and unexpected behavior, that resul...
SBOMVerifierGoPoC
🔍 SBOM Verifier for Go !Pythonhttps://img.shields.io/badg...
EUVD-2023-0732
Malicious code in bioql PyPI...
EUVD-2022-25047
Malicious code in bioql PyPI...
EUVD-2024-2252
Malicious code in bioql PyPI...
fleetdeck-poc
FleetDeck PoC !Go Versionhttps://img.shields.io/badge/go-...
CISA, NSA, and Global Partners Release a Shared Vision of Software Bill of Materials (SBOM) Guidance
CISA, in collaboration with NSA and 19 international partners, released joint guidance outliningA Shared Vision of Software Bill of Materials SBOM for Cybersecurity. This marks a significant step forward in strengthening software supply chain transparency and security worldwide. An SBOM is a form...
CISA: 2025 Minimum Elements for a Software Bill of Materials (SBOM)
CISA is requesting public comment on its updated guidance on Software Bill of Materials SBOM to reflect the current state of maturity in software transparency and supply chain security. Building on the 2021 NTIA SBOM Minimum Elements, this update aims to help agencies and organizations to manage...
NodeShield: Runtime Enforcement of Security-Enhanced SBOMs for Node.Js
The software supply chain is an increasingly common attack vector for malicious actors. The Node.js ecosystem has been subject to a wide array of attacks, likely due to its size and prevalence. To counter such attacks, the research community and practitioners have proposed a range of static and...
melange 安全漏洞
melange is a Chainguard open source for building APKs from source code. A security vulnerability exists in melange versions prior to 0.23.0 through 0.29.5, which stems from improperly set permissions on the SBOM file, which could lead to a tampering attack...
Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)
Today, CISA published the Framing Software Component Transparency, created by the Software Bill of Materials SBOM Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to...
CVE-2024-39909 SQL Injection in the KubeClarity REST API
KubeClarity is a tool for detection and management of Software Bill Of Materials SBOM and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource /api/applicationResources via the following parameter packageID. As it can be seen in...
Guidance: Assembling a Group of Products for SBOM
Today, CISA published Guidance on Assembling a Group of Products created by the Software Bill of Materials SBOM Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to...
GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains
Google on Wednesday announced the 0.1 Beta version of GUAC short for Graph for Understanding Artifact Composition for organizations to secure their software supply chains. To that end, the search giant is making available the open source framework as an API for developers to integrate their own...