As the spotlight on software supply chain security intensifies, the call for adopting Software Bill of Materials (SBOM) becomes more resounding. To aid developers in this critical task, several SBOM generation tools have emerged, with Trivy and Syft leading the pack. These tools, boasting thousands of stars on GitHub and widespread integration in CI/CD pipelines, promise to simplify the generation of SBOMs. However, the burning question remains: How well do they perform? To answer this question, we conducted a thorough evaluation, documented in a comprehensive white paper. This blog serves as a condensed overview, highlighting notable issues discovered during our evaluation. For a more in-depth exploration, readers are encouraged to delve into the white paper.
Unveiling Third-Party Libraries (and Their Vulnerabilities) in Closed-Source Applications
How Deepbits Fulfills the Latest FDA Cybersecurity Guidelines for Medical Devices
How Binary Code AI Changes Malware Defenses?
Building SBOMs for COTS Android Apps
How Do You Upgrade OpenSSL in Your Software Stack? — SBOM and OBOM assisted software upgrade
Discovering Known Vulnerabilities in IoT Devices via Code Search
A Fast and Accurate Disassembler based on Deep Learning
Searching Statically Linked Vulnerable Functions in Minutes
Searching Vulnerabilities in Binaries
A Comparative Review of Embedding based Binary Code Search Techniques