sbomqs

• AWS open source newsletter #144

  Feb 5, 2023 |  19 minute read

  Feb 5th, 2023 - Instalment #144 Welcome to edition #144 of the AWS open source newsletter, and another week of great new open source projects for you to try out. Some of the treats in store for you this week include “dynamodb-shell”, a project that provides a cli to your favourite AWS database, “precloud” a tool to help you catch issues with your configuration before you deploy, “node-latency-for-k8s” a tool to analyse your node logs, “stepfunctions-lambda-ec2-ssm” a very nice way of using step functions to overcome the 15 minute timeout of your lambda functions, “terraform-ec2-image-builder-container-hardening-pipeline” a very cool example of how to build an EC2 image hardening pipeline using Terraform, and “cloudtrail-event-fuzzy-viewer” a tool to copy your AWS CloudTrail events and then fuzzy search them on the command line.

  • oss-newsletter
  • aws open source
  • Apache Flink
  • Terraform
  • Apache Spark
  • Delta Lake
  • Kubernetes
  • Amazon EKS
  • Apache Iceberg
  • Bottlerocket
  • Ubuntu
  • Argo Workflows
  • Argo Events
  • Apache YuniKorn
  • Fluent Bit
  • Prometheus
  • Quarkus
  • OpenSearch
  • PostgreSQL
  • AWS Amplify
  • Next.js
  • Grafana
  • Telegraf
  • Dask
  • syft
  • sbomqs
  • Cosign
  • Sigstore

• sbomqs, an open source tool to quality check your SBOMS

  Feb 2, 2023 |  6 minute read

  When putting together a previous post on how to use open source tools to create a software bill of materials (SBOM), Ritesh Noronha alerted me to another project, sbomqs that aims to simplify the evaluation of SBOM quality for both producers and consumers. A quality SBOM is one that is accurate, complete, and up-to-date. It should accurately reflect the components and dependencies used in the software application, including their version and optionally any known vulnerabilities.

  • Amazon ECR
  • sbomqs
  • SPDX
  • SBOM