Chainguard Enforce Helps Secure The Software Supply Chain With New SBOM Capabilities

Guest: Kim Lewandowski (LinkedIn)
Company: Chainguard (Twitter)
Show: Newsroom

With U.S. government mandates on software bills of materials (SBOMs) coming into force, many organizations are at various stages of putting them in place to remain compliant. But companies like Chainguard know that security is more than ticking boxes on a compliance sheet; it’s about actually securing the supply chain. Chainguard wants to make it as easy as possible for organizations to implement SBOMs and help them realize the benefits they can bring.

In this episode of TFiR: Newsroom, Swapnil Bhartiya sits down with Kim Lewandowski, Co-Founder and Chief Product Officer at Chainguard, to talk about the new SBOM, vulnerability analysis, and software signing capabilities of Chainguard Enforce.

Key highlights from the video interview are:

  • Chainguard is a relatively new software supply chain security company that helps companies gain more confidence in the software they are running and improve their security posture.
  • In today’s cloud-centric world, it’s vital to know the whole software supply chain. Lewandowski talks about the efforts from the U.S. government to provide companies with frameworks to help them with the new regulations coming through. She goes on to discuss the risks of open source software and the progress she is seeing in securing it.
  • Lewandowski explains how Chainguard aids in securing the software supply chain so that customers know what they are running, where the software came from, and what its security posture is. From there, Chainguard helps tackle some of the problems that come up.
  • Chainguard Images are built entirely from source, with every package that goes into the distribution under Chainguard’s control. Lewandowski talks about the shift they are seeing toward giving developers a good security footing from the start, and how Chainguard helps you ensure you stay compliant with federal mandates at an organizational level.
  • Lewandowski takes us through some of the new features of Chainguard Enforce: the SBOM-as-a-service feature which connects to your workloads and auto-generates an SBOM for you, their auto vulnerability scanning capability, and the new software signing capability.
  • Although awareness and discussion around SBOMs are growing, Lewandowski feels we are still in the early stages. She talks about how many people still see them as more of a checkbox.
  • Lewandowski discusses the challenges organizations are facing with SBOMs such as choosing between different formats, navigating the balance between security and speed, and how to make the data from SBOMs useful and meaningful.
  • Lewandowski explains what is in the pipeline for Chainguard, such as making remediation even easier. She also talks about what they are working on with their Enforce Images product.

This summary was written by Emily Nicholls.