The Open Source Security Foundation (OpenSSF) has recently announced SBOMit, a tool designed to bolster Software Bills of Materials (SBOMs) with in-toto attestations. This development, announced under

InfoQ is a leading online platform for software developers, architects, and technical leaders, providing news, articles, presentations, and interviews on a wide range of topics, including agile practices, DevOps, microservices, and emerging technologies. With a focus on quality content and expert insights, InfoQ helps professionals stay informed about the latest trends, best practices, and industry developments. Developers can learn from real-world experiences, gain  knowledge, and connect with peers in the global software community through InfoQ's diverse and engaging content.

InfoQ

OpenSSF introduces SBOMit, a tool that enhances Software Bills of Materials (SBOMs) with in-toto attestations, increasing transparency and security in the software development process. SBOMit helps mitigate the risk of errors, enhances security, and enables organizations to recover securely from compromises.

OpenSSF Adds Attestations to SBOMs to Validate How Software is Built