#sbom
Tagged “sbom”
2 articlesSecurity & supply chain
The SBOM you can trust is the one your build actually made
Docker published a guide arguing that SBOMs generated at build time beat post-build scans on completeness, accuracy and freshness. The distinction quietly changes what a CI pipeline is on the hook for.
Jul 8, 2026 · Tomás VegaSecurity & supply chainSBOM attestation is becoming a default pipeline step
Generating and signing a software bill of materials at build time is shifting from compliance nice-to-have to standard CD hygiene. Here's the minimal viable setup.
Jun 12, 2026 · Tomás Vega