Automatical supply chain collection
Pavel Simzicov
Supply chain security is the part of supply chain management that focuses on the risk management of external suppliers, vendors, logistics and transportation. Its goal is to identify, analyze and mitigate the risks inherent in working with other organizations as part of a supply chain. Supply chain security involves both physical security relating to products and cybersecurity for software and services.
As part of this project, I've been working with the tools such as: syft, grype.
Syft - a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems.
Grype - a vulnerability scanner for container images and filesystems.
Also, I introduced an automated way to update dependencies. The process works as follows:
check for vulnerabilities
updating vulnerable dependencies
creating a pull-request in BitBucket with the fixes
notify slack-channel in order to make sure the PR gets approved and released
Like this project
Posted Jul 25, 2024
Implementation of automatical vulnerability updates and SBOM generation.
