CICI/CD News
LatestAuthorsGlossary
Tag

#sbom

Tagged “sbom”

2 articles
Security & supply chain

The SBOM you can trust is the one your build actually made

Docker published a guide arguing that SBOMs generated at build time beat post-build scans on completeness, accuracy and freshness. The distinction quietly changes what a CI pipeline is on the hook for.

Jul 8, 2026 · Tomás Vega
Security & supply chain

SBOM attestation is becoming a default pipeline step

Generating and signing a software bill of materials at build time is shifting from compliance nice-to-have to standard CD hygiene. Here's the minimal viable setup.

Jun 12, 2026 · Tomás Vega
CICI/CD News

Independent CI/CD & deployment news — concise, vendor-neutral takes on pipelines, releases and DevOps tooling.

Network

GitHub ActionsJenkinsGitHubCI/CD Glossary

About

Latest newsAuthorsRSS feedSitemapPowered by Buddy