This week many engineering teams are looking for the immensely popular open source library 'curl' in order to get ahead of the CVE-2023-38545 vulnerability. Most of them are NOT going to see it in their SBOM even though they use it.
In this article I walk through why this is, places it might be hiding and questions to ask that can help uncover your use of it.
zebracatzebra.com/oss/curl-is-… #curl #sca #sbom
Curl is seen everywhere except your SBOM, why is it missing even though you use it? (Zebra Cat Zebra)
What is curl? curl is an open source command line tool and embeddable library for transferring data over a network.