Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
Codenotary announced TrueSBOM for Serverless, a self-updating Software Bill of Materials (SBOM) for applications running on AWS Lamda, Google Cloud Functions and Microsoft Azure Functions that is made possible by simply adding one line to the application source code.
With TrueSBOM, applications self-report their components so that the SBOM always remains up-to-date. That is really the only way to create an SBOM for serverless applications. Otherwise, SBOMs are created as a snapshot in time that shows the list of components when the application is created. But, because serverless apps are created ‘on-the-fly’ each time they are invoked, the traditional way of creating SBOMs was useless – requiring the SBOM to be maintained every time. The patent-pending Codenotary technology changes all of that.
“The real-time update capability of our TrueSBOM technology makes it possible to generate an SBOM for serverless apps, which previously was almost impossible leaving organizations with a gaping security hole,” said Dennis Zimmer, co-founder and CTO, Codenotary. “Now, with TrueSBOM it’s possible to generate the list of ingredients that make up the application in real-time adding a new level of security to serverless applications.”
The new TrueSBOM for Severless helps enterprises comply with the US Executive Order on Improving the Nation’s Cybersecurity, which includes maintaining a Software Bill of Materials (SBOM), as well as the SLSA security framework to ensure trust in the software supply chain.
TrueSBOM guarantees that the SBOM for a serverless application is always a true reflection of its components – and that the SBOM is not just a text file that is stored separately from the application, but rather it’s part of the application itself that export on request its own SBOM or list of ingredients. This is critical for modern applications like serverless that self-update, where relying on an external SBOM generation at build-time would not pick up the new updates.
In addition, TrueSBOM allows the enrichment of the SBOM with vulnerability scanner results or trust and integrity information. TrueSBOM keeps the list of contents in an app up-to-date at all times providing a level of security that was previously near impossible to attain.
TrueSBOM for Serverless is available now.
Industry News
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.
ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.
Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.
Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.
Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.
F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.
Code Intelligence announced a new feature to CI Sense, a scalable fuzzing platform for continuous testing.
WSO2 is adding new capabilities for WSO2 API Manager, WSO2 API Platform for Kubernetes (WSO2 APK), and WSO2 Micro Integrator.
OpenText™ announced a solution to long-standing open source intake challenges, OpenText Debricked Open Source Select.
ThreatX has extended its Runtime API and Application Protection (RAAP) offering to provide always-active API security from development to runtime, spanning vulnerability detection at Dev phase to protection at SecOps phase of the software lifecycle.
Canonical announced the release of Ubuntu 24.04 LTS, codenamed “Noble Numbat.”
JFrog announced a new machine learning (ML) lifecycle integration between JFrog Artifactory and MLflow, an open source software platform originally developed by Databricks.
Copado announced the general availability of Test Copilot, the AI-powered test creation assistant.