heise online

Google's vulnerability scanner checks container layers and Maven projects

Google has released the second version of its vulnerability scanner for open-source projects, which now performs in-depth analyses in complex projects and containers. It also supports Java projects ...
CSOonline

Chainguard adds automated SBOMs, vulnerability scanning to Enforce

With the added features, Enforce can now generate and ingest software bills of materials for container images, automate vulnerability scans and generate reports. Software supply chain security ...