Anchore Demonstrates How to Further Software Supply Chain Security with Signed SBOMs and Security Reports

SANTA BARBARA, Calif., Sept. 20, 2021 /PRNewswire/ -- Anchore, a leader in software supply chain security, today introduced a demonstration workflow that shows how software producers can create, sign, and share accurate software bill of materials (SBOM) and security reports to help further the security of software supply chains. As the United States government implements the Executive Order on Improving the Nation's Cybersecurity, federal agencies expect to require SBOMs from their software vendors. Commercial enterprises can also benefit from verifiable documents that attest to the contents and security status of the software they use. The demonstration workflow uses the open source tools Syft, Grype, and Sigstore's Cosign to create and share signed attestations about the security of software applications delivered in containers. The workflow details how software producers can:
The demonstration workflow was developed in partnership with Sigstore and builds on the complementary capabilities of the open source tools Syft, Grype, and Sigstore's Cosign. A detailed blog on how to implement this demonstration workflow is available here, and sample code and documentation are available here.

Why Software Supply Chain Security is Important

Containers make it easy to package software during development, but they can pull in many open source software (OSS) dependencies as applications move through the DevOps pipeline, creating new security requirements. Survey data Anchore cites reflects this: 63% of respondents plan to increase container use, and 60% report improving supply chain security as a top initiative. Anchore and Sigstore Cosign engineers are working in tandem to educate the open source community and raise industry awareness of software supply chain security and of the tools available to proactively secure the development pipeline. More information about SBOMs and the importance of container attestation for SBOM signing is available in this blog post.

View original content to download multimedia: https://www.prnewswire.com/news-releases/anchore-demonstrates-how-to-further-software-supply-chain-security-with-signed-sboms-and-security-reports-301380386.html

SOURCE Anchore
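The workflow described in this release ends with a consumer who fetches the signed SBOM or vulnerability report for a container image and runs `cosign verify-attestation` against it. That command checks the signature and prints the accepted DSSE envelope, but it does not decide for the consumer whether the attestation is about the exact image digest being deployed, or whether the predicate is the kind of document (SBOM versus vulnerability report) the policy expects. The following is an added example, not Anchore's, Sigstore's, or the demonstration's own code, that performs that binding check on an envelope of the shape cosign prints. The image digest, SBOM contents, and envelope are constructed here for illustration, and the predicateType URIs are the ones cosign documents for its `spdx` and `vuln` attestation types (treat them as assumptions to confirm against the cosign version in use).

```python
"""Consumer-side binding check for a cosign SBOM attestation.

`cosign verify-attestation` verifies the signature and prints the DSSE
envelope(s) it accepted. This module takes one such envelope and confirms
that the in-toto statement inside it names the image digest actually being
deployed and carries the expected predicate type. Added example, not
Anchore's or Sigstore's code.
"""
import base64
import json

IN_TOTO_STATEMENT_TYPE = "https://in-toto.io/Statement/v0.1"
IN_TOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json"
# predicateType URIs cosign uses for `cosign attest --type spdx` and `--type vuln`
# (taken from cosign's documented attestation types; treat as an assumption)
PREDICATE_SPDX = "https://spdx.dev/Document"
PREDICATE_VULN = "https://cosign.sigstore.dev/attestation/vuln/v1"


class AttestationError(ValueError):
    """Raised when the envelope does not bind the expected image and predicate."""


def _bare_digest(image_digest: str) -> str:
    """Accept 'sha256:<hex>' or bare hex; return lowercase hex."""
    if image_digest.startswith("sha256:"):
        image_digest = image_digest[len("sha256:"):]
    return image_digest.lower()


def extract_predicate(envelope_json: str, image_digest: str, predicate_type: str) -> dict:
    """Decode one DSSE envelope and return its predicate (the SBOM or report)
    only if the statement binds `image_digest` with `predicate_type`."""
    env = json.loads(envelope_json)
    if env.get("payloadType") != IN_TOTO_PAYLOAD_TYPE:
        raise AttestationError(f"unexpected payloadType {env.get('payloadType')!r}")
    if not env.get("signatures"):
        # an unsigned envelope cannot have passed cosign verify-attestation
        raise AttestationError("envelope carries no signatures")
    statement = json.loads(base64.b64decode(env["payload"]))
    if statement.get("_type") != IN_TOTO_STATEMENT_TYPE:
        raise AttestationError(f"unexpected statement type {statement.get('_type')!r}")
    if statement.get("predicateType") != predicate_type:
        raise AttestationError(
            f"predicateType {statement.get('predicateType')!r}, expected {predicate_type!r}")
    want = _bare_digest(image_digest)
    subjects = statement.get("subject") or []
    # the attestation must be about *this* image, not merely signed by a trusted key
    if not any(_bare_digest(s.get("digest", {}).get("sha256", "")) == want for s in subjects):
        raise AttestationError("no subject digest matches the image being deployed")
    return statement["predicate"]


def is_bound(envelope_json: str, image_digest: str, predicate_type: str) -> bool:
    """Boolean form of extract_predicate, convenient for an admission gate."""
    try:
        extract_predicate(envelope_json, image_digest, predicate_type)
        return True
    except (ValueError, KeyError):  # AttestationError, bad JSON, bad base64
        return False


# ---- constructed sample data (not captured from a real registry) ----
IMAGE_DIGEST = "sha256:" + "ab" * 32
SAMPLE_STATEMENT = {
    "_type": IN_TOTO_STATEMENT_TYPE,
    "predicateType": PREDICATE_SPDX,
    "subject": [{"name": "ghcr.io/example/app", "digest": {"sha256": "ab" * 32}}],
    "predicate": {
        "spdxVersion": "SPDX-2.2",
        "name": "example-app",
        "packages": [{"name": "openssl", "versionInfo": "1.1.1k"}],
    },
}


def make_envelope(statement: dict) -> str:
    """Wrap a statement in a DSSE envelope of the shape cosign prints.
    The signature is a placeholder, not a real ECDSA signature."""
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return json.dumps({
        "payloadType": IN_TOTO_PAYLOAD_TYPE,
        "payload": payload,
        "signatures": [{"keyid": "", "sig": base64.b64encode(b"placeholder").decode()}],
    })


SAMPLE_ENVELOPE = make_envelope(SAMPLE_STATEMENT)

if __name__ == "__main__":
    sbom = extract_predicate(SAMPLE_ENVELOPE, IMAGE_DIGEST, PREDICATE_SPDX)
    print("SBOM bound to image:", sbom["name"], [p["name"] for p in sbom["packages"]])
    # same signed envelope presented for a different image: must be rejected
    print("other image accepted?", is_bound(SAMPLE_ENVELOPE, "sha256:" + "cd" * 32, PREDICATE_SPDX))
```

The signature check itself is deliberately left to cosign (ECDSA over the DSSE pre-authentication encoding is not something to reimplement in a policy script); what the example adds is the step a deployment gate must not skip, namely rejecting a genuinely signed attestation that describes some other image or a different kind of document than the one the policy asked for.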