Search
Items tagged with: SBOM
This week many engineering teams are looking for the immensely popular open source library 'curl' in order to get ahead of the CVE-2023-38545 vulnerability. Most of them are NOT going to see it in their SBOM even though they use it.
In this article I walk through why this is, places it might be hiding and questions to ask that can help uncover your use of it.
https://zebracatzebra.com/oss/curl-is-seen-everywhere-except-your-sbom-why-is-it-missing-even-though-you-use-it/ #curl #sca #sbom
Curl is seen everywhere except your SBOM, why is it missing even though you use it?, Zebra Cat Zebra
What is curl? curl is an open source command line tool and embeddable library for transferring data over a network.Zebra Cat Zebra
Generating a Software Bill of Materials (LFC192) - Linux Foundation - Training
Learn to identify the minimum elements for a Software Bill of Materials (SBOM) and how they can be coded up, and get an overview of some of the open source tooling that is available to support the generation and consumption of an SBOM.Linux Foundation - Training