Merge pull request #4 from ccommisso/website2.0

marketing site update

Author: VinnyBarton

marketing/assets/css/style.css

@@ -4290,4 +4290,142 @@ video {
     --tw-border-opacity: 1;
     border-color: rgb(75 85 99 / var(--tw-border-opacity));
   }
-}
+}
+
+/* SecureSBOM Page Styling */
+.hero-section {
+    text-align: center;
+    padding: 3rem 0;
+    background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+    color: white;
+    margin-bottom: 2rem;
+  }
+  
+  .hero-title {
+    font-size: 3rem;
+    margin-bottom: 1rem;
+  }
+  
+  .hero-subtitle {
+    font-size: 1.25rem;
+    margin-bottom: 2rem;
+    opacity: 0.9;
+  }
+  
+  .hero-cta {
+    display: flex;
+    gap: 1rem;
+    justify-content: center;
+    flex-wrap: wrap;
+  }
+  
+  .features-grid, .advantages-grid, .cta-grid {
+    display: grid;
+    grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));
+    gap: 2rem;
+    margin: 2rem 0;
+  }
+  
+  .workflow-section {
+    background: #f8fafc;
+    padding: 3rem 2rem;
+    border-radius: 12px;
+    margin: 3rem 0;
+  }
+  
+  .workflow-grid {
+    display: grid;
+    grid-template-columns: 1fr 1fr;
+    gap: 4rem;
+    margin-top: 2rem;
+    max-width: 1200px;
+    margin-left: auto;
+    margin-right: auto;
+  }
+  
+  .workflow-column {
+    padding: 2.5rem;
+    background: white;
+    border-radius: 12px;
+    box-shadow: 0 4px 6px rgba(0,0,0,0.1);
+    min-height: 400px;
+  }
+  
+  .workflow-column h3 {
+    color: #2d3748;
+    margin-bottom: 1.5rem;
+    border-bottom: 3px solid #4299e1;
+    padding-bottom: 0.75rem;
+    font-size: 1.5rem;
+  }
+
+  .workflow-column h4 {
+    color: #4a5568;
+    margin-top: 2rem;
+    margin-bottom: 1rem;
+    font-size: 1.2rem;
+  }
+  
+  .workflow-column ol, .workflow-column ul {
+    padding-left: 1.5rem;
+    margin-top: 1rem;
+  }
+  
+  .workflow-column li {
+    margin-bottom: 0.75rem;
+    line-height: 1.7;
+    font-size: 1rem;
+  }
+  
+  .cta-card {
+    border: 1px solid #e2e8f0;
+    padding: 1.5rem;
+    border-radius: 8px;
+    text-align: center;
+    transition: transform 0.2s ease, box-shadow 0.2s ease;
+  }
+  
+  .cta-card:hover {
+    transform: translateY(-2px);
+    box-shadow: 0 4px 12px rgba(0,0,0,0.15);
+  }
+  
+  .cta-section {
+    margin: 3rem 0;
+  }
+  
+  /* Responsive design */
+  @media (min-width: 1400px) {
+    .workflow-grid {
+      max-width: 1400px;
+    }
+  }
+
+  @media (max-width: 992px) {
+    .workflow-grid {
+      gap: 2rem;
+      max-width: 100%;
+    }
+    
+    .workflow-column {
+      padding: 2rem;
+    }
+  }
+
+  /* Responsive design for mobile */
+@media (max-width: 768px) {
+    .workflow-grid {
+      grid-template-columns: 1fr;
+      gap: 2rem;
+    }
+    
+    .workflow-section {
+      padding: 2rem 1rem;
+      margin: 2rem 0;
+    }
+    
+    .workflow-column {
+      padding: 1.5rem;
+      min-height: auto;
+    }
+  }

marketing/content/about.md

@@ -5,26 +5,48 @@ aliases = ["about-us", "about-hugo", "contact"]
 author = "Hugo Authors"
 +++
 
-# About  
+# About SecureSBOM by ShiftLeftCyber
 
-At **ShiftLeftCyber**, we specialize in managing the full **software supply chain** lifecycle including SBOM Generation, SBOM Augmentation, SBOM Enrichment, SBOM Signing, SBOM Sharing & SBOM Analysis. We believe you cannot secure what you dont know. At ShiftLeftCyber we help you Streamline Compliance & Secure your Supply Chain.
+SecureSBOM is the enterprise-grade solution from **ShiftLeftCyber**, designed to manage the full life cycle of **Software Bill of Materials (SBOMs)** across your software supply chain.
 
-### SBOM Authoring  
-We help you generate, augment & enrich SBOMs directelly in your CI Pipelines using industry standards like **CycloneDX** and **SPDX** to provide a detailed inventory of your software components.
+---
 
-### SBOM Signing and Verification  
-Ensure the authenticity and integrity of your SBOMs with our signing and verification solutions. We support methods such as **Cosign** and **JSON Signature Format (JSF)**.
+## What We Do
 
-### Vulnerability Management  
-Leverage SBOMs to identify and address vulnerabilities in your software supply chain. Our tailored solutions streamline your risk management and compliance processes.  
+At **ShiftLeftCyber**, we empower organizations to:
 
-### Compliance Support  
-Stay ahead of regulations like the **EU Cyber Resilience Act**, **EO14028**, **PCI DSS 4.0** and others. We provide guidance to ensure your software meets security and transparency requirements.  
+- **Generate, augment, and enrich SBOMs**  
+  Embedded directly into your CI/CD pipelines, using industry-standard formats like **CycloneDX** and **SPDX**—allowing a comprehensive, accurate software component inventory.
 
-### Custom Solutions  
-We deliver customized tools and workflows to suit your unique supply chain needs, empowering your team to maintain secure and traceable software practices.  
+- **Sign and verify SBOMs**  
+  Ensure both authenticity and integrity of your SBOMs through signing and verification using tools such as **Cosign** and the **JSON Signature Format (JSF)**. 
 
----  
+- **Analyze and remediate vulnerabilities**  
+  Leverage SBOMs to pinpoint and manage software supply chain risks—enhancing vulnerability detection, response, and remediation workflows.
 
-Want to learn how we can strengthen your software supply chain? [Contact us](/contactus) today
-  
+- **Streamline compliance**  
+  Stay ahead of evolving regulatory requirements—including the **EU Cyber Resilience Act**, **EO 14028**, **PCI DSS 4.0**, and more—with expert support and tooling that helps ensure transparency and compliance.
+
+- **Deliver custom solutions**  
+  Tailored tools and workflows adapt to your environment, enabling secure, traceable, and efficient SBOM practices.
+
+---
+
+## Why It Matters
+
+*You cannot secure what you don’t know.*
+
+In a rapidly scaling software ecosystem—where third-party and open-source components are ubiquitous—visibility into your software's composition is essential. SBOMs provide that **transparency**, enabling faster vulnerability response, stronger compliance, and supply chain trust. :contentReference[oaicite:6]{index=6}
+
+SecureSBOM consolidates all aspects of SBOM lifecycle management—from generation to sharing—into one unified, enterprise-ready framework.
+
+---
+
+## Get in Touch
+
+Ready to **secure your supply chain**?  
+[Contact us](/contactus/) to discover how SecureSBOM can elevate your SBOM strategy—and your security posture.
+
+---
+
+© ShiftLeftCyber 2025. All rights reserved.

marketing/content/blog/what_is_an_sbom_and_why_should_you_care.md

@@ -0,0 +1,36 @@
++++
+author = "jsmith"
+title = "What is an SBOM & Why Should You Care? 🤔💡"
+date = "2025-04-20"
+description = ""
+tags = [
+    "markdown",
+    "css",
+    "html",
+]
+
+series = [""]
+aliases = [""]
+
+image = "img/thirdparty/1743601193385.jpeg"
++++
+
+Software today isn't built from scratch - it is assembled from open-source components, third-party libraries,
+and proprietary code. But do you really know what's inside the software you use or ship? 🔍💻
+
+That's where a Software Bill of Materials (SBOM) comes in. 📝
+
+An SBOM is like an ingredient list for software, showing all the components that make up an application.
+This transparency is crucial for:
+
+🔐 Security - Quickly identifying vulnerabilities in software dependencies
+✅ Compliance - Meeting regulatory requirements
+⚠️ Risk Management - Understanding the supply chain to prevent hidden risks
+
+While having an SBOM is a great start, it still isn't enough. The real challenge is securing it and
+ensuring it can be trusted. 🔒🔑
+
+Is your organization using SBOMs? What challenges have you faced? Let’s discuss! 💬👇
+
+
+#CyberSecurity #SBOM #SoftwareSecurity #SupplyChainSecurity #DigitalTrust #DataIntegrity

marketing/content/products/_index.md

@@ -1,3 +1,11 @@
 ---
-title: "Products"
+title: "Products & Services"
 ---
+
+SecureSBOM
+
+Offline Verification
+
+CI/CD Integration & Tooling
+
+Professional Services

marketing/content/securesbom.md

@@ -0,0 +1,123 @@
+---
+title: "SecureSBOM - Enterprise SBOM Signing & Verification"
+description: "Cryptographic signing and verification of Software Bill of Materials (SBOMs) for trusted supply chain security. Ensure authenticity, integrity, and compliance."
+date: 2025-08-19
+layout: "single"
+---
+
+# SecureSBOM
+## Enterprise-Grade SBOM Signing & Verification at Scale
+
+> **Trusted SBOMs. Verified Supply Chains. Zero Compromise.**
+
+SecureSBOM provides **cryptographic signing and verification** of your Software Bill of Materials, ensuring **authenticity, integrity, and compliance** across your entire software lifecycle.
+
+**[Request Demo](/contactus/?type=demo)** | **[Get API Access](/contactus/?type=api)** | **[Contact Sales](/contactus/?type=sales)**
+
+---
+
+## Why SecureSBOM?
+
+### 🔒 Sign Your SBOMs
+**Protect your software artifacts with cryptographic proof:**
+- **Integrity Assurance** — Detect any tampering or modification
+- **Publisher Authentication** — Prove legitimate source and ownership  
+- **Regulatory Compliance** — Meet EO 14028, NIST, and EU CRA requirements
+- **Audit Evidence** — Provide cryptographic proof for security reviews
+
+### 🛡️ Verify SBOMs
+**Establish trust in your software supply chain:**
+- **Threat Detection** — Identify forged or compromised SBOMs early
+- **Automated Validation** — Scale trust verification across CI/CD pipelines
+- **Vendor Confidence** — Validate third-party software components
+- **Zero Trust Architecture** — "Don't trust, verify" every component
+
+---
+
+## How It Works
+
+### For SBOM Producers 🔨
+**Transform your software releases into trusted, verifiable artifacts:**
+
+1. **Generate** your SBOMs from source code, builds, or container images
+2. **Sign** digitally using SecureSBOM API or CLI tools
+3. **Distribute** signed SBOMs with releases (OCI registries, GitHub, package repos)
+4. **Archive** for compliance with full audit trails and metadata
+
+### For SBOM Consumers 🛡️
+**Verify authenticity through multiple validation methods:**
+
+**Online Verification ✅**
+- Validate against transparency logs (Sigstore Rekor)
+- Confirm integrity, authenticity, and issuance timestamps
+- Automate in CI/CD pipelines and vendor onboarding
+- Real-time threat intelligence integration
+
+**Offline Verification 🔒**
+- Air-gapped and highly regulated environment support
+- Local validation using trusted public keys
+- No internet connectivity required
+- Perfect for classified or sensitive deployments
+
+---
+
+## Key Benefits
+
+**⚡ Rapid Integration** — API-first design with native CI/CD support (GitHub Actions, GitLab CI, Jenkins)
+
+**🔐 Zero Trust Ready** — Enforce "verify everything" across your entire software pipeline
+
+**🌐 Standards Compliant** — Full support for CycloneDX, SPDX, and Sigstore ecosystems
+
+**📊 Compliance Ready** — Generate audit-ready reports and evidence for regulatory requirements
+
+**🏢 Enterprise Scale** — Multi-tenant architecture with role-based access control
+
+**🔑 Flexible Key Management** — Support for HSMs, cloud KMS, and on-premises key stores
+
+---
+
+## Technical Specifications
+
+**Supported SBOM Formats:**
+- CycloneDX (1.4+) with native signature support
+- SPDX (2.3+) with detached signature verification
+- Custom format extensions via API
+
+**Integration Options:**
+- REST API with OpenAPI specification
+- Command-line interface (CLI) for local workflows  
+- Native plugins for popular CI/CD platforms
+- Webhook support for real-time notifications
+
+**Security Features:**
+- Hardware Security Module (HSM) integration
+- Multi-signature workflows for critical releases
+- Timestamping and transparency log integration
+- Comprehensive audit logging and compliance reporting
+
+---
+
+## Get Started Today
+
+### 🎯 Request a Demo
+See SecureSBOM in action with your actual SBOMs
+**[Schedule Demo](/contactus/?type=demo)**
+
+### 🔑 Get API Access
+Start integrating SBOM signing into your workflows
+**[Request API Key](/contactus/?type=api)**
+
+### 💬 Talk to Sales
+Discuss enterprise features and custom solutions
+**[Contact Sales](/contactus/?type=sales)**
+
+---
+
+**Questions?** Our security experts are here to help. [Contact our team](/contactus/) to learn how SecureSBOM can transform your software supply chain security.
+
+### Related Resources
+- 📘 [SBOM Signing Best Practices](/blog/sbom-signing-best-practices/) 
+- 🔍 [Supply Chain Security Guide](/blog/supply-chain-security-guide/)
+- ⚖️ [EO 14028 Compliance Checklist](/blog/eo-14028-compliance/)
+- 🛠️ [CI/CD Integration Examples](/blog/cicd-sbom-integration/)