Parasoft announces the opening of its new office in Northeast Ohio.
Codenotary announced SBOMcenter, providing a central, secure place for software producers and consumers to freely generate, store and share Software Bills of Materials (SBOMs). The service is free for trial use.
Codenotary’s new SBOMcenter provides centralized secure storage for SBOMs, as well as the ability for the software to self create SBOMs so they are always up-to-date.
“This solves the biggest problem with SBOMs today by providing a central source for maintaining up-to-date versions that are tamper-proof and can be shared with authorized users,” said Dennis Zimmer, co-founder and CTO, Codenotary. “To derive value from SBOMs, they can’t just be static documents that are stored on a computer somewhere. SBOMcenter is the central exchange of secure SBOMs between software producers and software consumers by sharing a link to the SBOM for easy access to up-to-date information.”
The free trial version of SBOMcenter provides centralized storage of all SBOMs, which can be imported and exported from and to any standard format.
Codenotary is providing free use of SBOMcenter in this preview version. Additional features to further enhance security of the software supply chain are planned in the next version soon. Those will include vulnerability scanning, risk exposure scoring, alerts on newly discovered vulnerabilities, and enforcement through a DevOps pipeline.
SBOMcenter enables enterprises to implement SBOMs as part of their software supply chain management practices by streamlining the process of generating, updating, verifying, enriching and sharing SBOMs to enhance security. SBOMcenter makes it easy for enterprises to derive value from SBOMs with an easy path to even greater value by identifying potential vulnerabilities or compliance issues in their software supply chains, understanding security risks, plus alerts on new vulnerabilities which all enable enterprises to lockdown their software supply chain for greater security.
Industry News
Postman released v11, a significant update that speeds up development by reducing collaboration friction on APIs.
Sysdig announced the launch of the company’s Runtime Insights Partner Ecosystem, recognizing the leading security solutions that combine with Sysdig to help customers prioritize and respond to critical security risks.
Nokod Security announced the general availability of the Nokod Security Platform.
Drata has acquired oak9, a cloud native security platform, and released a new capability in beta to seamlessly bring continuous compliance into the software development lifecycle.
Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.
ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.
Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.
Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.
Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.
F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.
Code Intelligence announced a new feature to CI Sense, a scalable fuzzing platform for continuous testing.
WSO2 is adding new capabilities for WSO2 API Manager, WSO2 API Platform for Kubernetes (WSO2 APK), and WSO2 Micro Integrator.