As a preface for what I mean by old-generation tooling, here is a screenshot from the Semgrep documentation:

Essentially, this asks developers to centre their SBOM generation efforts around the main branch of a repository. To expand on this, the legacy generation of tooling simply slaps an SBOM onto a security scan, resulting in a single…