SBOM & Software Supply Chain Security

How open-source projects build an SBOM strategy and attestation model: formats, CI automation, signing, VEX, and CRA/FDA/NIS2 mapping. 2024–2026 best practices.

Your SCA tool already builds an SBOM, then locks it in a console. A practical guide to migrating to an open, SBOM-first workflow with no coverage gap.

Recent quantum computing breakthroughs have moved the PQC deadline earlier. What financial services, critical infrastructure, and medical device leaders need to do now.

Decoding MITRE's April 2026 medical device cybersecurity report — what its findings mean for manufacturers, SBOMs, and FDA-aligned risk management.

After the 2025 chalk/debug npm compromise, "cooldowns" delay adopting brand-new package versions. How SBOMs let you enforce and monitor dependency cooldowns.

Why SBOM generation for C/C++ is hard: vendored code, static linking, and build systems like CMake and Conan break most tools. The 2026 state of the art.

What Astral's security playbook reveals about SBOMs — practical lessons any software team can apply to strengthen supply-chain security and transparency.

How a 100-million-download npm package became the latest victim of an accelerating software supply chain playbook - and what to do about it.

The FDA now requires software support status in medical device SBOMs. Learn what this means for manufacturers and how to demonstrate ongoing support compliance.

Introducing Lynk MCP: a conversational interface to query your software supply chain data. Ask questions about SBOMs, vulnerabilities, and compliance naturally.

SBOM, SOUP, COTS & OTS for medical device software: what FDA 524B and IEC 62304 require, and how to document third-party and open-source code.

Publishing SBOMs to GitHub Releases isn't enough — they go stale fast. Why static release SBOMs fail and how continuous SBOM management keeps them current.

The updated EU Product Liability Directive treats software as a product. How SBOMs help manufacturers manage defect liability and prove due diligence.

Technical guidance on SBOM adoption in India. Learn about emerging regulatory requirements and best practices for software supply chain transparency.

What's new in CISA's third-edition SBOM Framing Document — updated minimum elements and guidance shaping how organizations produce and consume SBOMs.

How to upload files to a GraphQL endpoint using Hurl. Step-by-step technical tutorial with code examples for API testing and file upload automation.

Interlynk launches a free tier for its SBOM automation platform. Get started with SBOM management, quality scoring, and vulnerability scanning at no cost.

How SBOMs underpin EO 14028, EU CRA, FDA, NIS2, DORA, and PCI DSS compliance — one software inventory mapped to every major cybersecurity mandate.

Biotronik selects Interlynk to support FDA cybersecurity compliance for its medical devices with automated SBOM management and vulnerability analysis.

How SBOMs help you meet the EU NIS2 Directive — what NIS2 requires for supply-chain security and why a software bill of materials is central to compliance.

Interlynk partners with Tumeryk to bring AI transparency and security through SBOM and software supply chain visibility for AI/ML applications.

How SBOMs support PCI DSS 4.0: use a software bill of materials to inventory components, track vulnerabilities, and meet payment-security requirements.

Analysis of the OpenChain Telco SBOM Guide. Key takeaways for telecommunications operators managing complex software supply chains and SBOM programs.

Everything about CycloneDX 1.6: new features, improvements, and what the latest SBOM standard version means for your software supply chain security program.

Five critical lessons from the XZ Utils backdoor incident. How SBOM and software supply chain security practices could help prevent similar attacks.

A guide to the CISA Secure Software Development Attestation Form (formerly M-22-18) — what federal software suppliers must attest to, and how SBOMs help.

Detailed breakdown of SBOM requirements under the EU Cyber Resilience Act. What manufacturers need to know about software transparency obligations.

How the EU Cyber Resilience Act impacts SBOM practices. Learn about compliance timelines, requirements, and how to prepare your organization for the CRA.

SBOM in action: analyzing Ivanti Pulse firmware. A real-world case study showing how SBOM reveals hidden components and vulnerabilities in network devices.

How to assemble product-level SBOMs for a group of products using sbomasm. Best practices for aggregating, merging, and distributing composite SBOMs.

Five key insights from the latest SBOM adoption research. Data on industry trends, adoption rates, challenges, and best practices for SBOM implementation.

The 5 most common SBOM problems — incomplete components, weak metadata, version drift, format issues, and stale data — plus how to fix each one.

How to comply with NSA SBOM recommendations. Practical guidance on meeting national security requirements for software supply chain transparency.

How to implement CISA's Minimum Requirements for VEX — cut vulnerability noise in your SBOM by documenting which flaws are actually exploitable in your product.

Federal Acquisition Regulation cyber compliance proposal: requirements, implications, and how SBOM helps contractors meet federal cybersecurity mandates.

SEC cybersecurity disclosure requirements explained. How public companies can use SBOM and software transparency to strengthen incident reporting processes.

Everything about SPDX 3.0: new features, profile model, improvements over SPDX 2.3, and what the latest version means for your SBOM and compliance workflow.

Frequently asked questions about SBOM compliance. Covers regulations, formats, implementation, tools, and best practices for software supply chain security.

How to use sbomasm for SBOM assembly in software products. Open source tool for merging, editing, and distributing Software Bills of Materials.

What the White House National Cybersecurity Strategy Implementation Plan means for software makers — key initiatives, timelines, and the growing role of SBOMs.

Everything about CycloneDX 1.5: new features, attestation support, and how this SBOM standard version advances software supply chain security practices.

Why your organization needs SBOM, part 2: regulatory drivers, supply chain attacks, and the business case for software transparency and risk management.

How to handle open source licenses in SBOMs. Guide to license identification, compliance tracking, and risk assessment for open source components.

Understanding VDR, VEX, OpenVEX, and CSAF: a guide to vulnerability disclosure formats and how they complement SBOM for supply chain security.

Guide to self-attestation for OMB Memorandum M-22-18. How software producers can meet federal secure development requirements and SBOM mandates.

Key updates from SBOM-a-Rama 2023. Summary of industry discussions, CISA guidance, tooling developments, and the future of SBOM adoption.

Why your organization needs SBOM, part 1: understanding software supply chain risks, visibility gaps, and how SBOMs provide transparency for security.

A roadmap towards cybersecure medical devices. How SBOM, FDA guidance, and supply chain security practices protect connected healthcare technology.

Why software disclosures matter for security and compliance. The growing demand for transparency in software supply chains and how SBOM enables it.