InfoQ
5 months ago | Software development
OpenSSF Adds Attestations to SBOMs to Validate How Software is Built
OpenSSF has developed SBOMit, a tool that enhances Software Bills of Materials (SBOMs) with in-toto attestations to increase transparency and security in the software development process.
SBOMit provides a standardized method for attesting components with added verification information, regardless of the SBOM format used.