Merge pull request #13 from shiftleftcyber/jason

Add another blog post from LinkedIn

Author: j28smith

marketing/content/blog/eo14028.md …eting/content/blog/2024-12-09-eo14028.mdmarketing/content/blog/eo14028.md renamed to marketing/content/blog/2024-12-09-eo14028.md marketing/content/blog/eo14028.md renamed to marketing/content/blog/2024-12-09-eo14028.md

@@ -0,0 +1,43 @@
++++
+author = "Jason Smith"
+title = "Why SBOMs Are Not One-and-Done 📦🔄"
+date = "2025-05-25"
+linkedin = "https://www.linkedin.com/posts/j28smith_sbom-cybersecurity-softwaresupplychain-activity-7325922851973189634-o0SG"
+image = "img/thirdparty/2025-05-25-SBOMLifecycle.jpeg"
++++
+
+✅ You've generated an SBOM. Congratulations!
+
+But here's the truth. An SBOM is not a report you create once and tuck away. Modern software changes constantly. New features, updated libraries, security patches, refactored code... All of this reshapes your software supply chain.
+
+That means your SBOM must evolve alongside your software. Here's why a one-and-done SBOM isn't enough:
+
+🔄 Continuous delivery = continuous change
+
+* Your software isn't static. Your SBOM can't be static either.
+
+⚠️ New risks appear every day
+
+* A library that was safe last month might have a critical vulnerability today.
+
+📊 Compliance requirements keep shifting
+
+* Regulators, customers, and partners increasingly expect current SBOMs, not historical snapshots.
+
+🔐 Trust is only as strong as verification
+
+* It's not enough to just have an SBOM. You need to be able to prove it's authentic.  Signing SBOMs and using cryptographic verification ensures they haven't been tampered with.
+
+🏗️ Automation is key
+
+* To keep up, SBOM generation needs to be integrated into your CI/CD pipelines - not left as a manual task.
+
+Key takeaway:
+
+If you're not updating your SBOM regularly, you're not really managing your software supply chain. And let's be honest, if you don't have your SBOM generation automated it is already out of date.
+
+Are you automating SBOM generation or piecing it together manually? Are you signing them? What's worked (or hasn't worked) for your team?
+
+If this or any of my past SBOM posts have resonated, drop a comment, I'd love to hear what you think!! 💬👇
+
+#SBOM #CyberSecurity #SoftwareSupplyChain #DevSecOps #OpenSourceSecurity #SupplyChainSecurity #ContinuousDelivery #DigitalTrust #SoftwareIntegrity #SecureDevelopment

marketing/content/blog/en_cra.md …keting/content/blog/2024-12-10-en_cra.mdmarketing/content/blog/en_cra.md renamed to marketing/content/blog/2024-12-10-en_cra.md marketing/content/blog/en_cra.md renamed to marketing/content/blog/2024-12-10-en_cra.md

@@ -3,7 +3,7 @@
       "title": "Scalable SBOM Signing & Verification",
       "description": "Enterprise-grade cryptographic signing and validation for every SBOM you produce or consume.",
       "icon": "fas fa-shield-alt",
-      "link": "/securesbom"
+      "link": "/securesbom/"
     },
     {
       "title": "Standards-Compliant (CycloneDX & SPDX)",
@@ -16,7 +16,7 @@
       "title": "Enterprise-Ready Architecture",
       "description": "Multi-tenant, compliance-ready design that scales to regulated industries and large organizations",
       "icon": "fas fa-building",
-      "link": "/securesbom"
+      "link": "/securesbom/"
     },
     {
       "title": "Seamless CI/CD Integration",
@@ -28,13 +28,13 @@
       "title": "Secure Key Management (Cloud & On-Prem HSM)",
       "description": "Support for Hardware Security Modules to protect signing keys in any environment.",
       "icon": "fas fa-key",
-      "link": "/securesbom"
+      "link": "/securesbom/"
     },
     {
       "title": "Offline & Clean-Room Verification",
       "description": "Perform signing and verification in air-gapped or highly regulated environments with full offline support.",
       "icon": "fas fa-lock",
-      "link": "/securesbom"
+      "link": "/securesbom/"
     }
   ]