SCA Articles
SCA Articles
SBOMs in India: Analyzing CERT-In Guidelines
An analysis of the CERT-In guidelines for building and managing an SBOM program, recommended data fields, automation support, and best practices.
The Role of SBOMs in Managing DORA Compliance
An exploration of the importance of SBOMs in complying with the EU's Digital Operational Resilience Act (DORA), focusing on software tracking and monitoring requirements for financial entities.
Winter 2025 FOSSA Product Updates
Explore the new functionalities of FOSSA for managing SBOMs, vulnerabilities, and open source license compliance, including automated NOTICE file recreation and FDA compliance support.
License Compliance, SBOM, and Vulnerability Management for Smaller Teams: FOSSA Business Tier
FOSSA introduces a new business tier tailored for smaller teams, offering flexible pricing and comprehensive features for SBOM, vulnerability management, and license compliance.
Introducing SBOM Policies in FOSSA
Learn about FOSSA's new SBOM policy feature that helps enforce SBOM standards for compliance and security.
A Proposal for the Future of SBOM Minimum Elements
Exploring the next steps for improving SBOM usability across the ecosystem with new data requirements and considerations for vulnerability management.
U.S. Army Announces New SBOM Requirements
The U.S. Army has announced new SBOM requirements for contractors and subcontractors to improve software supply chain security. Learn about the implementation timeline, scope, and how to prepare.
SBOM Requirements in the EU’s CRA (Cyber Resilience Act)
An overview of the Cyber Resilience Act (CRA) and its implications for SBOM requirements, diving into its standards and comparisons to global initiatives.
4 Considerations for Effective SBOM Sharing
Organizations are successfully generating SBOMs for security, regulatory compliance, and business reasons, but struggle with their distribution.
Automate Regulatory Compliance With FOSSA's New SBOM Management Add-On
Introducing FOSSAs new SBOM Management add-on to simplify software inventory and compliance processes.
Understanding SBOM Requirements in PCI DSS
This blog post explores the introduction of SBOM requirements in PCI DSS 4.0, detailing the specific requirements and timelines, and suggesting steps for organizations to prepare for the March 2025 enforcement date.
Defining SBOM Requirements for Software Suppliers
Explore how to effectively define SBOM requirements for software suppliers to ensure transparency and compliance in procurement processes.
SPDX 3.0 Is Released
SPDX 3.0 introduces new profiles for better use case targeting and flexibility. Major upgrades include changes in document structure, profiles, relationships, and creator information.
What’s New in CycloneDX 1.6?
Learn about the new features and improvements in CycloneDX 1.6, including Cryptographic BOM, Attestation support, and Machine Learning BOM enhancements.
SBOM Formats Explained and Compared
Explore different SBOM formats like SPDX and CycloneDX, their specifications, and their implications for software transparency and cybersecurity.
Complying with the FDA’s SBOM Requirements
Explore the FDA's new SBOM requirements for medical devices, detailing the scope, structure, and support information needed for compliance.
Enable Global Visibility and Swift Remediation with Package Index
Explore how FOSSA’s Package Index enhances software supply chain visibility, enabling swift vulnerability detection and remediation.
4 Takeaways from the ESF's OSS and SBOM Management Recommendations
A summary of the key insights from the ESF's latest recommendations on OSS and SBOM management.
Best Practices for Generating High-Quality SBOMs
Explore crucial elements for creating high-quality SBOMs including tooling, integration strategies, configuration, and data fields in compliance with licensing and security requirements.
SBOM Examples, Explained
Explore the world of Software Bill of Materials (SBOMs) with examples and explanations of popular formats like SPDX and CycloneDX.
Understanding and Using SPDX License Identifiers and License Expressions
An overview of SPDX License Identifiers and Expressions and how they streamline open source licensing communication.
5 Ways an SBOM Can Strengthen Security
Explore how a software bill of materials (SBOM) can enhance your organization's security by providing visibility into open source vulnerabilities, improving software supply chain transparency, enabling VEX, supporting vulnerability remediation, and flagging high-risk components.
What’s New in CycloneDX 1.5?
The CycloneDX team released version 1.5, building on existing capabilities and introducing enhancements such as the Authoritative Guide to SBOM.
A Framework for Evaluating SBOM Tools
Evaluate SBOM tools to enhance software bill of materials programs. Discover key criteria for selecting the right SBOM tools, including regulatory compliance, ecosystem support, and usability.
How to Operationalize SBOMs Throughout the SDLC
Discover how businesses can leverage software bill of materials (SBOMs) throughout the software development lifecycle (SDLC) to manage risks including software supply chain security and open-source license compliance.
Announcing Support for CycloneDX and SBOM Import
Discover FOSSA's latest updates enhancing SBOM management and new support for the CycloneDX SBOM standard.
The Massive Implications of Software Freedom Conservancy vs. Vizio
Exploration of Software Freedom Conservancy's lawsuit against Vizio and its potential impact on open source license enforcement.
Best Practices for Implementing Software Composition Analysis, Featuring Rancher Labs
Explore the successful implementation of Software Composition Analysis (SCA) at Rancher Labs, focusing on simplicity, CI/CD integration, barrier removal, and addressing tech debt.
Building a Sustainable Software Supply Chain
Exploring strategies to enhance software supply chain security through sustainability practices.
Announcing New Support for C/C++ Scanning, SBOMs
FOSSA introduces support for C/C++ scanning and SBOM generation, enhancing software supply chain security.
The Three Pillars of Reproducible Builds
Exploring the guiding principles of reproducible builds to strengthen software supply chain security.
6 Takeaways from the Linux Foundation's SBOM Report
A detailed analysis of the Linux Foundation's SBOM report, outlining key insights into software supply chain security.
Q and A: Software Bill of Materials and FOSSA
Explore common questions related to FOSSA’s SBOM solution including its features, export formats, and security aspects.
How to Generate an SBOM with FOSSA
Learn how to use FOSSA's SBOM tool to generate a software bill of materials easily and effectively.
The Minimum Required Elements of an SBOM
An overview of the minimum required elements for a Software Bill of Materials (SBOM) as outlined by the U.S. Federal Government's NTIA.
IT Central Station: What Makes for an Effective SCA Solution
Exploring the essential features of an effective Software Composition Analysis (SCA) solution through insights from IT Central Station members.
Software Bill Of Materials (SBOM) Formats, Use Cases, and Specifications
Explore the significance of Software Bill of Materials (SBOM), its formats, use cases, and essential elements crucial for compliance and security in the software supply chain.
How SCA Helps Manage OSS Vulnerabilities
Explore how Software Composition Analysis (SCA) helps teams manage open source software vulnerabilities.
The Future of Software Composition Analysis, Featuring Forrester
Exploring the future of Software Composition Analysis (SCA) with key insights into automation, governance, and developer integration.
What is Software Composition Analysis?
Discover how Software Composition Analysis (SCA) helps you manage and reduce risks associated with open source components in your software.
A Framework for Evaluating Software Composition Analysis Tools
Understand the importance of Software Composition Analysis (SCA) tools for mitigating risks associated with open source components in modern software development.
Open Source Management: Fundamentals
Explore the role of open source in the enterprise market and learn the essentials of managing open source software including strategies, policies, and tools for effective oversight.
Snippet Scanning: Is it Right for Your Team?
Explore the nuances of snippet scanning and its relevance to software development today, while considering risk profiles and modern development practices.
Pathologies of Go Package Management
An exploration of the challenges and strategies in managing Go package dependencies, including issues with reproducible builds and dependency analysis.