Built on 30M+ download open source tools (Syft & Grype) 🔧
Community-proven, enterprise-hardened 💪
https://anchore.com/platform/secure/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps
Even if DB is more often the laughing than the rolling stock of Germany these days, they are doing quite OK in adhering to the FOSS licenses here or there.
I did mention that an enforcement of the legal basis of FOSS (usually known as FOSS compliance) usually leads to intentional engagement with the upstreams/used FOSS components and general evolution of engineering maturity of the company.
Whether that engagement comes prior to the impact of an enforcement, with the intent to actively control known risks, or after an enforcement.
Here's DB Systel's @mxmehl reporting on how they got their SBOM / software supply chain / CRA business under control:
https://fosdem.org/2026/events/attachments/ZSWH3N-deutsche-bahn-supply-chain-cra-strategy/slides/265827/2026-01-3_7kstxwl.pdf
Slide 5: "SBOMs weren't new to us: Originated from Open Source license compliance"
Rest of the talk here: https://fosdem.org/2026/schedule/event/ZSWH3N-deutsche-bahn-supply-chain-cra-strategy/
#db #db_Bahn #sbom #cra #softwaresupplychain #compliance #foss #itsec #softwaresupplyChainSecurity
False positives killing your team's productivity? 😵💫
Anchore Secure gives you signal, not noise 📡
https://anchore.com/platform/secure/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps
FedRAMP compliance in weeks, not months ⚡
Ready-to-deploy policy packs for instant compliance feedback 📋
Anchore SBOM Score = CVSS + EPSS + KEV status 📊
Because not all vulnerabilities are created equal ⚠️
https://anchore.com/platform/sbom/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps
Your MCP server might be the weakest link—here's the data. @josh.bressers.name scanned 161 MCP images and found 9,000 vulns / 263 criticals. Read the breakdown and fixes: https://anchore.com/blog/analyzing-the-top-mcp-docker-containers/
"Bring Your Own SBOM" sounds simple...
Until you try to manage thousands of them 📊
Scale is everything 📈
https://anchore.com/platform/sbom/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps
Supply chain attacks ↗️ 742% in 2023
Your traditional security stack wasn't built for this fight.
SBOM-first architecture changes everything ⚡
Shift-left compliance checking ⬅️
Catch violations before deployment, not during audits 🛡️
SBOM-first isn't just a buzzword—it's the architecture that makes continuous security actually possible 🔄
Feel the difference ⚡
What open source trends am I looking at in 2026? Here’s a look at what I’m expecting for this year.
https://duckalignment.academy/open-source-trends-2026/
Malicious npm packages are being used as launchpads for wider attacks — the supply chain remains the softest entry point. Trust, but verify every dependency. 📦⚠️ #SoftwareSupplyChain #Phishing
https://thehackernews.com/2025/12/27-malicious-npm-packages-used-as.html
Scale-out architecture for web-scale environments 📈
Because your containers don't wait for security scans ⏱️
https://anchore.com/platform/secure/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps
Tinyfront OS emerges as a notable open-source effort aiming to counter big tech's toolchain dominance. By adopting TinyCC over complex GNU/LLVM systems, the project pursues a minimalist, fully auditable POSIX-compliant OS. This approach directly addresses critical software supply chain risks by enabling comprehensive human review of core components, challenging reliance on opaque million-line codebases. A valuable step toward transparency in foundational... #SoftwareSupplyChain #TechEthics
It’s okay to say “pay me if you want fast fixes”, but communicate that policy ahead of time so people can make informed decisions.
https://duckalignment.academy/how-quickly-should-you-fix-vulnerabilities/