~/devreads

#devsecops

3 posts

30 Apr

Jennifer Kohl 10 min read

In November 2025, a team self-hosting Langfuse, an open-source LLM observability platform, on Kubernetes uploaded their ClickHouse image to AWS ECR as part of their production preparation. They found that the pipeline scanner had returned three critical vulnerabilities - not in ClickHouse, but in the base image. Their security team saw the findings and blocked...

Tags: community, partnerships, cve, devsecops, docker hardened images

12 Jul 2022

Danesh Kumar Badlani, Adrian Diglio 2 min read

We are excited and proud to open source our software bill of materials (SBOM) generation tool. A key requirement of the Executive Order on Improving the Nation’s Cybersecurity, SBOMs are lists of ingredients that make up software components, providing software transparency so organizations have insight into their supply chain dependencies. Our SBOM tool is a […] The post Microsoft open…

Tags: engineering, microsoft, 1es, devsecops, sbom, secure supply chain

13 Oct 2021

Adrian Diglio 5 min read

In this post, Adrian Diglio walks us through how Microsoft is planning to generate SBOMs not just to meet the U.S. Presidential Executive Order on Improving the Nation's Cybersecurity, but for all software that Microsoft produces. The post Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft appeared first on Engineering@Microsoft.

Tags: engineering, microsoft, 1es, devsecops, executive order, sbom