Bulletproof Trust? Diadem... A Crowning Achievement?

Berenice, the wife of Ptolemy Euergetes, had hair so beautiful, that when she placed it in a temple as an offering to Venus, it was stolen. The king was furious, of course. But to keep him from raging, they told him it was taken into heaven to form a constellation.

A likely story...

Today, "diadem" is a constellation, a type of crown, and even a Megadeth song. Now, we're commandeering the word to represent the latest version of our C-SCRM product, Bulletproof Trust. It's a crowing achievement (heh) with some fantastic new features:

Contributor Tagging

Some contributors are reviewers. Some are testers. Some are maintainers.

Some contributors have high impact. Some are suspicious. And some are working for US State Department restricted entities in a high-risk geography with conflicts of interest.

Some of this matters. Some doesn't. But in the words of G.I. Joe, "knowing is half the battle." So Bulletproof Trust Diadem helps you know by tagging contributors with relevant tags to help you understand when you should take a closer look at their code contributions.

Tagging up those contributors so you know who's who.


Activity Timeline

Bulletproof Trust's activity timeline now shows a chronological view of when a contributor first contributes code, when they become a maintainer, and when other important events happen for that repository. This can help you understand the contributor's influence and impact over time, track their progression as a contributor to that repository, and give you context for any security incidents that occur.

Make more informed decisions with visibility into key behaviors and events for those packages that are critical to your systems and software.

Bulletproof Trust Workflow Agent

The Bulletproof Trust Workflow Agent is a new command line tool that allows you to upload an SBOM to Bulletproof Trust, manage your projects, retrieve metrics, and generate and download reports. It's the kind of tool you'll want in your build environment... the kind of tool that doesn't waste your time clicking around.

Command line stuff for command line people...

Full Custom Reports

There are two types of people: Those who need reports, and those who consider them a necessary evil. Bulletproof Trust helps both.

Bulletproof Trust delivers PDF reports, JSON reports, even Markdown and HTML embeds for build dashboards and the like. The embedded reports are sharp, the JSON reports are structured, and the PDF reports are beautiful (unless you want them ugly. It's your template... so it's up to you).

Oh, and for those who consider reports a necessary evil, not to worry. They're as easy to generate as clicking a button or sending an API request.

Our reports look beautiful. Your reports look... well... it's your template, so it's up to you.

Alert Model Editor

Sure, you can use vi (or Emacs if you're a glutton for punishment). But why not edit your Bulletproof Trust alert model right in Bulletproof Trust? Well, before Diadem, you couldn't. But today, it's two clicks away.

The alert model editor. Inline, and in charge.

And no, this isn't just some basic browser-based text editor. It's fully featured, complete with validation checks and inline autocorrect to ensure no mess-ups, collapsible sections so you can focus on what matters, and alert model suggestions so you don't have to remember the vast constellation of possibilities you can use to measure risk.

We can't remember everything Bulletproof Trust can alert on either... so Bulletproof Trust just tells you.

Hot New Widgets and Usability

Check out our nice little hot links to helpful documentation and support. User guides, API guides, and release notes are now only a click away. For those who don't read those things... the Bulletproof Trust support team is only a click away too.

Just click and read. Or click and write. We're here for you either way.

Finally, we've rolled up our incredible data in a few new ways, making it even easier to visualize risk in open-source software. Oh, and check out our fancy new gauge for intuitively seeing the risk score in your project. These little jewels make the whole Bulletproof Trust experience so much better.

Look at that risk indicator. Just gorgeous!

CycloneDX SBOM Tool

If you're not into SBOMs, skip ahead. But if you are...

The BitBake CycloneDX SBOM Tool is a system utility bundled with Bulletproof Trust which parses the build dependency graph for a given BitBake target and generates a CycloneDX SBOM for it. For each recipe and build target in the dependency graph, the tool extracts the data required by Bulletproof Trust's analysis processes and formats a valid SBOM reference to uniquely identify the recipe being built. Additionally, it supports the native build recipes as well, so that the toolchain itself, as well as the target build outputs, becomes part of the SBOM and is analyzable by Bulletproof Trust.

In short, it helps comprehensively track all components and tools used in building a software product, helping ensure security and compliance.

Give it a Test Spin

Bulletproof Trust Diadem is a crowning achievement in the world of C-SCRM tools. It's a jewel in a sea of rocks. A constellation in a... okay, we'll stop.

But it's awesome, and if you want to see Bulletproof Trust live or give it a test spin, contact us for a demo and free eval ASAP!


About Dark Sky Technology:

Dark Sky Technology is securing the world of software that powers our nations' most critical systems, devices, and applications by identifying malicious threats, untrustworthy contributors, risky code, and cyber attacks in open-source software. Our advanced analytics on open-source packages and their contributors protect the software supply chain and enable our customers to deploy secure, reliable, trusted software with confidence. Our tagline? "Finally. Trust in Open Source." Information about Dark Sky Technology can be found at www.darkskytechnology.com.

Who We Help:

We play in the open-source software security, software supply chain security, software supply chain risk management (C-SCRM), and related markets. Most of our customers are aerospace and defense customers or government military branches and agencies. We are aiming to help these types of customers measure the riskiness and trustworthiness of using open-source software packages in their systems and software applications.

About our Product, Bulletproof Trust:

Our platform, Bulletproof Trust, is a scalable software assurance and intelligence tool that measures the trustworthiness of open-source packages AND contributors. It scours various sources of online intelligence (OSINT) to analyze the health and status of an open-source package and to identify malicious, criminal, or sanctioned contributors to it. Furthermore, it helps customers meet the CISA Secure Software Development Attestation Form and NIST 800-161r1 requirements through software bill of materials (SBOM) generation and management. Information about Bulletproof Trust can be found at www.darkskytechnology.com/bulletproof-trust.
