Merge remote-tracking branch 'origin/master'

CycloneDX · Sep 29, 2023 · 9e89188 · 9e89188
2 parents 7ee904e + 448c4a9
commit 9e89188
Show file tree

Hide file tree

Showing 34 changed files with 939 additions and 99 deletions.
diff --git a/_data/articles.yml b/_data/articles.yml
@@ -0,0 +1,32 @@
+external:
+  - title: A software bill of materials helps secure your supply chain
+    subtitle: The software supply chain involves developing, maintaining and distributing software to end users. To enhance the functionality of the software being developed, developers frequently depend...
+    organization: SecurityIntelligence
+    date: 2023-06-28
+    image: /theme/assets/images/news/supply_chain.png
+    url: https://securityintelligence.com/posts/a-software-bill-of-materials-helps-secure-your-supply-chain/
+  - title: The five dimensions of SBOM quality
+    subtitle: In a memo issued on June 9, the Office of Management and Budget clarified details about how agencies will be required to collect cybersecurity attestations from software providers whose services they use.
+    organization: Contrast Security
+    date: 2023-07-26
+    image: /theme/assets/images/news/cloud_sec.png
+    url: https://www.contrastsecurity.com/security-influencers/sbom-quality-cyclonedx-and-the-5-dimensions-of-sbom-quality-contrast-security
+  - title: "CycloneDX 1.5: The next big step for SBOMs and software transparency"
+    subtitle: With CycloneDX 1.5, OWASP is introducing a number of new types of SBOMs. Here's a full run-down on changes — and what they mean for software transparency.
+    organization: ReversingLabs
+    date: 2023-07-12
+    image: /theme/assets/images/news/transparency.png
+    url: https://www.reversinglabs.com/blog/owasp-takes-cyclonedx-beyond-the-sbom
+  - title: Introducing Software Bill of Materials for Confluent Platform
+    subtitle: The software supply chain in the technology industry is becoming increasingly complex. This complexity poses significant challenges in terms of compliance, security, and vulnerability management.
+    organization: Confluent
+    date: 2023-07-28
+    image: /theme/assets/images/news/confluent.png
+    url: https://www.confluent.io/blog/software-bill-of-materials/
+internal:
+  - title: How CycloneDX v1.5 Increases Trust and Transparency in More Industries
+    subtitle: OWASP is often the first to reveal new, innovative ways to leverage SBOM. The release of CycloneDX version 1.5 is no different, opening up SBOM adoption to new industries and introducing numerous ways to customize CycloneDX SBOMs to indicate quality, show transparency, and expedite vulnerability remediation while increasing trust in the supply chain.
+    organization: OWASP Foundation
+    date: 2023-06-23
+    type: Blog
+    externalLink: https://owasp.org/blog/2023/06/23/CycloneDX-v1.5
diff --git a/_data/tools.yml b/_data/tools.yml
@@ -1774,3 +1774,21 @@
   categories:
     - distribute
     - build-integration
+- name: Vulnerabilities.io
+  publisher: Vulnerabilities Input Output Limited
+  description: Generates CycloneDX Software Bill of Materials (SBOM) and visualisations for an entire organizations codebase through integrations with source control systems. Enables organizations to manage overall supply chain risk.
+  websiteUrl: https://vulnerabilities.io
+  categories:
+  - distribute
+  - build-integration
+  - proprietary
+  - gitHub-app
+  - analysis
+  - author
+- name: Athena 
+  publisher: Medical Aegis Inc
+  description: Athena is a SaaS solution for medical device makers that overlays the product development lifecycle to address risks before devices go to market.
+  websiteUrl: https://medicalaegis.com
+  categories:
+    - proprietary
+    - analysis
diff --git a/_posts/2021-05-04-cyclonedx-v1.3-released.md b/_posts/2021-05-04-cyclonedx-v1.3-released.md
@@ -6,6 +6,9 @@ comments: false
 banner: false
 
 # News article settings
+organization: CycloneDX
+type: Press Release
+
 title: CycloneDX v1.3 Released
 window_title: CycloneDX v1.3 Released
 description: CycloneDX v1.3 Released
@@ -18,6 +21,10 @@ image: https://cyclonedx.org/theme/assets/images/hero-subheader.png
 micro_nav: false
 
 # Page navigation
+breadcrumbs:
+  - title: CYCLONEDX
+  - title: ABOUT
+  - title: NEWSROOM
 
 ---
 

diff --git a/_posts/2021-06-11-cyclonedx-joins-owasp_foundation.md b/_posts/2021-06-11-cyclonedx-joins-owasp_foundation.md
@@ -6,6 +6,9 @@ comments: false
 banner: false
 
 # News article settings
+organization: CycloneDX
+type: Press Release
+
 title: CycloneDX Joins OWASP Foundation as a Flagship Project
 window_title: CycloneDX Joins OWASP Foundation as a Flagship Project
 description: CycloneDX Joins OWASP Foundation as a Flagship Project
@@ -18,7 +21,11 @@ image: https://cyclonedx.org/theme/assets/images/hero-subheader.png
 micro_nav: false
 
 # Page navigation
-
+breadcrumbs:
+  - title: CYCLONEDX
+  - title: ABOUT
+  - title: NEWSROOM
+
 ---
 
 # CycloneDX Joins OWASP Foundation as a Flagship Project

diff --git a/_posts/2021-08-16-cyclonedx-launches-learning-series.md b/_posts/2021-08-16-cyclonedx-launches-learning-series.md
@@ -6,6 +6,9 @@ comments: false
 banner: false
 
 # News article settings
+organization: CycloneDX
+type: Press Release
+
 title: OWASP CycloneDX SBOM Standard Launches Educational Learning Series
 window_title: OWASP CycloneDX SBOM Standard Launches Educational Learning Series
 description: OWASP CycloneDX SBOM Standard Launches Educational Learning Series
@@ -18,6 +21,10 @@ image: https://cyclonedx.org/theme/assets/images/hero-subheader.png
 micro_nav: false
 
 # Page navigation
+breadcrumbs:
+  - title: CYCLONEDX
+  - title: ABOUT
+  - title: NEWSROOM
 
 ---
 

diff --git a/_posts/2022-01-12-cyclonedx-v1.4-released.md b/_posts/2022-01-12-cyclonedx-v1.4-released.md
@@ -6,6 +6,9 @@ comments: false
 banner: false
 
 # News article settings
+organization: CycloneDX
+type: Press Release
+
 title: OWASP Expands SBOM Capabilities, Accelerating Innovation and Supply Chain Risk Reduction
 window_title: CycloneDX v1.4 Released
 description: CycloneDX v1.4 Released
@@ -18,7 +21,11 @@ image: https://cyclonedx.org/theme/assets/images/hero-subheader.png
 micro_nav: false
 
 # Page navigation
-
+breadcrumbs:
+  - title: CYCLONEDX
+  - title: ABOUT
+  - title: NEWSROOM
+
 ---
 
 # OWASP Expands SBOM Capabilities, Accelerating Innovation and Supply Chain Risk Reduction

diff --git a/...-owasp-cyclonedx-launches-sbom-exchange-api--standardizing-sbom-distribution.md b/...-owasp-cyclonedx-launches-sbom-exchange-api--standardizing-sbom-distribution.md
@@ -6,6 +6,9 @@ comments: false
 banner: false
 
 # News article settings
+organization: CycloneDX
+type: Press Release
+
 title: OWASP CycloneDX Launches SBOM Exchange API, Standardizing SBOM Distribution
 window_title: OWASP CycloneDX Launches SBOM Exchange API
 description: OWASP CycloneDX Launches SBOM Exchange API, Standardizing SBOM Distribution
@@ -19,7 +22,11 @@ image: https://cyclonedx.org/theme/assets/images/hero-subheader.png
 micro_nav: false
 
 # Page navigation
-
+breadcrumbs:
+  - title: CYCLONEDX
+  - title: ABOUT
+  - title: NEWSROOM
+
 ---
 
 # OWASP CycloneDX Launches SBOM Exchange API, Standardizing SBOM Distribution

diff --git a/...butes-two-open-source-projects-sbom-utility-and-license-scanner-to-cyclonedx.md b/...butes-two-open-source-projects-sbom-utility-and-license-scanner-to-cyclonedx.md
@@ -6,6 +6,9 @@ comments: false
 banner: false
 
 # News article settings
+organization: CycloneDX
+type: Press Release
+
 title: OWASP Foundation Announces CycloneDX Project Momentum with Contribution from IBM to Advance Software Supply Chain Security
 window_title: OWASP Foundation Announces CycloneDX Project Momentum with Contribution from IBM to Advance Software Supply Chain Security
 description: OWASP CycloneDX Launches Two New Open Source Projects Contributed by IBM that Advance Software Supply Chain Security
@@ -19,7 +22,11 @@ image: https://cyclonedx.org/theme/assets/images/hero-subheader.png
 micro_nav: false
 
 # Page navigation
-
+breadcrumbs:
+  - title: CYCLONEDX
+  - title: ABOUT
+  - title: NEWSROOM
+
 ---
 
 # OWASP Foundation Announces CycloneDX Project Momentum with Contribution from IBM to Advance Software Supply Chain Security

diff --git a/_posts/2023-06-26-cyclonedx-v1.5-released.md b/_posts/2023-06-26-cyclonedx-v1.5-released.md
@@ -6,6 +6,9 @@ comments: false
 banner: false
 
 # News article settings
+organization: CycloneDX
+type: Press Release
+
 title: Introducing OWASP CycloneDX v1.5 - Advanced Bill of Materials Standard Empowering Transparency, Security, and Compliance
 window_title: CycloneDX v1.5 Released
 description: CycloneDX v1.5 Released
@@ -18,7 +21,11 @@ image: https://cyclonedx.org/theme/assets/images/hero-subheader.png
 micro_nav: false
 
 # Page navigation
-
+breadcrumbs:
+  - title: CYCLONEDX
+  - title: ABOUT
+  - title: NEWSROOM
+
 ---
 
 # Introducing OWASP CycloneDX v1.5: Advanced Bill of Materials Standard Empowering Transparency, Security, and Compliance

diff --git a/about/working-groups/working-groups.json b/about/working-groups/working-groups.json
@@ -83,6 +83,20 @@
       "maintainers"
     ]
   },
+  {
+    "displayName": "Mike Zadik",
+    "lastName": "Zadik",
+    "headshot": "https://avatars.githubusercontent.com/u/80639729?v=4",
+    "organization": null,
+    "description": null,
+    "twitter": null,
+    "linkedin": null,
+    "github": "CodeTigerCloud",
+    "homepage": "https://github.com/CodeTigerCloud",
+    "categories": [
+      "maintainers"
+    ]
+  },
   {
     "displayName": "Paul Horton",
     "lastName": "Horton",
@@ -3776,5 +3790,103 @@
     "categories": [
       "contributors"
     ]
+  },
+  {
+    "displayName": "noqcks",
+    "lastName": "noqcks",
+    "headshot": "https://avatars.githubusercontent.com/u/4740147?v=4",
+    "organization": null,
+    "description": null,
+    "twitter": null,
+    "linkedin": null,
+    "github": "noqcks",
+    "homepage": "https://github.com/noqcks",
+    "categories": [
+      "contributors"
+    ]
+  },
+  {
+    "displayName": "validide",
+    "lastName": "validide",
+    "headshot": "https://avatars.githubusercontent.com/u/5551616?v=4",
+    "organization": null,
+    "description": null,
+    "twitter": null,
+    "linkedin": null,
+    "github": "validide",
+    "homepage": "https://github.com/validide",
+    "categories": [
+      "contributors"
+    ]
+  },
+  {
+    "displayName": "mtgag",
+    "lastName": "mtgag",
+    "headshot": "https://avatars.githubusercontent.com/u/36234449?v=4",
+    "organization": null,
+    "description": null,
+    "twitter": null,
+    "linkedin": null,
+    "github": "mtgag",
+    "homepage": "https://github.com/mtgag",
+    "categories": [
+      "contributors"
+    ]
+  },
+  {
+    "displayName": "setchy",
+    "lastName": "setchy",
+    "headshot": "https://avatars.githubusercontent.com/u/386277?v=4",
+    "organization": null,
+    "description": null,
+    "twitter": null,
+    "linkedin": null,
+    "github": "setchy",
+    "homepage": "https://github.com/setchy",
+    "categories": [
+      "contributors"
+    ]
+  },
+  {
+    "displayName": "ansonallard",
+    "lastName": "ansonallard",
+    "headshot": "https://avatars.githubusercontent.com/u/34141612?v=4",
+    "organization": null,
+    "description": null,
+    "twitter": null,
+    "linkedin": null,
+    "github": "ansonallard",
+    "homepage": "https://github.com/ansonallard",
+    "categories": [
+      "contributors"
+    ]
+  },
+  {
+    "displayName": "marcelstoer",
+    "lastName": "marcelstoer",
+    "headshot": "https://avatars.githubusercontent.com/u/624195?v=4",
+    "organization": null,
+    "description": null,
+    "twitter": null,
+    "linkedin": null,
+    "github": "marcelstoer",
+    "homepage": "https://github.com/marcelstoer",
+    "categories": [
+      "contributors"
+    ]
+  },
+  {
+    "displayName": "joonamo",
+    "lastName": "joonamo",
+    "headshot": "https://avatars.githubusercontent.com/u/2312529?v=4",
+    "organization": null,
+    "description": null,
+    "twitter": null,
+    "linkedin": null,
+    "github": "joonamo",
+    "homepage": "https://github.com/joonamo",
+    "categories": [
+      "contributors"
+    ]
   }
 ]
diff --git a/news/index.md b/news/index.md
@@ -1,34 +1,28 @@
 ---
 # Page settings
-layout: extension
+layout: newsroom
 keywords: application security, software security, software bill of material, SBOM, BOM, open source, supply chain, specification, spdx, license, package url, purl, cpe
 comments: false
 banner: false
 
 # Hero section
-title: News
+title: CycloneDX Newsroom
 window_title: OWASP CycloneDX News
-description: News and updates from the OWASP SBOM community
+description: Get the latest CycloneDX developments from OWASP and InfoSec publications. Discover how leaders in tech have used CycloneDX in new and innovative ways.
 
 # Micro navigation
 micro_nav: true
 
 # Page navigation
+breadcrumbs:
+  - title: CYCLONEDX
+  - title: ABOUT
+  - title: NEWSROOM
 
----
-
-# News
+# Featured quote
+quote:
+  author: Jeff Williams
+  org: Co-founder and CTO of Contrast Security
+  text: <b>"CycloneDX is making software transparency a reality</b>. I’m very excited about all the new capabilities in CycloneDX v1.5, particularly the ability to capture detailed evidence proving the SBOM is correct, such as methods, techniques, and call stacks.<br><br>SBOMs aren’t just lists of ingredients anymore. CycloneDX supports services, machine learning, low code, vulnerability disclosure, formulation, and annotations to really <b>capture what’s important about the software you depend on.</b>"
 
-<p>Subscribe with <a href="{{ site.baseurl }}/feed.xml">RSS</a> to keep up with the latest from the OWASP SBOM community.</p>
-
-<div class="articles">
-	{% for article in site.posts limit:100 %}
-		<div class="article-item">
-			<div class="title"><a href="{{ site.url }}{{ article.url }}">{{ article.title }}</a></div>
-            <div class="subtitle">{{ article.subtitle }}</div>
-			<div class="overview"><span class="date">{{ article.date | date: "%d %B %Y" }}</span>{% if article.location %} &#8211; {{ article.location }} {% endif %} &#8211;
-			{{ article.excerpt | xml_escape }}
-            </div>
-		</div>
-	{% endfor %}
-</div>
+---