SBOMs are typically managed in UI tools like Dependency Track. While providing a nice UI, these tools require additional infrastructure and are far removed from the development process. The last thing your DevOps team needs is another external tool that it needs to manage and integrate with its CICD practices.
Enter bogrod.
* enable your DevOps team to manage SBOM where it originates: with the code
* track SBOM and your VEX analysis using established git practices
* analyze vulnerabilities and update VEX analysis from the console or in your favorite IDE
* easily reuse VEX analysis across multiple images
3 comments
[ 2.8 ms ] story [ 19.8 ms ] threadEnter bogrod.
* enable your DevOps team to manage SBOM where it originates: with the code
* track SBOM and your VEX analysis using established git practices
* analyze vulnerabilities and update VEX analysis from the console or in your favorite IDE
* easily reuse VEX analysis across multiple images