FossID

But most SCA workflows still assume a human pace. If AI can write code in seconds, SCA has to keep up. New Sushi Bytes episode: SCA in the AI Era 🎧 buff.ly/V3zuYk2 (2/2) #OpenSource #DevSecOps #AI

AI-generated code is driving an explosion in software. More code. More snippets. More dependencies. Engineering is starting to move at machine speed. (1/2)

No SBOM maturity = no CRA readiness. (2/2) More here: buff.ly/GHuDutH #SBOM #EUCRA #Compliance

EU CRA compliance doesn’t start in 2027. It starts with your SBOM process now. The 2026 requirement to report actively exploited vulnerabilities within tight timelines is only realistic if you have accurate, automated, versioned SBOMs in place. (1/2)

Is your SCA investment still built for 2016 software? - AI-generated code. - Outbound OSS contributions. - Regulations with teeth. 🎙️ New Sushi Bytes episode on what SCA needs to be in 2026. 🎧 buff.ly/clODbcY #SBOM #EUCRA #OpenSource #DevOps #GenAI

A short story on how AI-assisted coding can quietly create governance risk. (2/2) Read more 👇 buff.ly/F1xAY0c #SoftwareSupplyChain #OpenSource #AICode #CyberSecurity #AppSec #DevAppSec

A routine board meeting. Strong revenue. Good forecasts. Then the General Counsel raises a letter about GPL code in the product. The board asks: “What did we know, and when did we know it?” No one had a clear answer. (1/2)

You look like you need a break. Did you know there's a hidden easter egg on sca.ninja? Find and click on the levitating Shinobi to play "Shinobi Run". #DevLife #OpenSource #DevEx

🎙️ Sushi Bytes, the AI-powered podcast for software risk leaders, has launched Season Two! Shinobi wants to know what topic to tackle next, or who to interview, with his co-host, Gen. 💡 Share your thoughts in the comments below

Is your SCA investment still built for 2016 software? - AI-generated code. - Outbound OSS contributions. - Regulations with teeth. 🎙️ New Sushi Bytes episode on what SCA needs to be in 2026. 🎧 buff.ly/8khIUoz #SBOM #EUCRA #OpenSource #DevOps #GenAI

The EU Cyber Resilience Act changes everything: SBOMs, vulnerability handling, and supply chain transparency are now obligations, not recommendations. Get our concise guide + readiness checklist to prepare. 📄 buff.ly/iz6fbnK #CRA #SBOM #SupplyChainSecurity #DevSecOps

CRA is here — and software teams can’t ignore it anymore. 🎙️ New Sushi Bytes episode: Gary Armstrong breaks down CRA milestones, SBOM obligations, and what teams must act on in 2026. 🎧 Listen now. buff.ly/U0hzKHC #SBOM #EUCRA #OpenSource #DevOps

Read it here: buff.ly/oj8tZeM (3/3) #SoftwareSupplyChain #OpenSource #AppSec #SCA #DevSecOps

The first follows a front-end developer, an AI code assistant, and a small React change that quietly turns into a licensing issue months later. No villains. Just modern workflows. Written by James Spooner, FossID’s Head of Software Security and Quality Services. (2/3)

Software supply chain risk rarely looks like negligence. More often, it starts as an ordinary Tuesday. We’re launching a short “day-in-the-life” series, each story readable in under 5 minutes, to make modern software supply chain risk tangible. (1/3)

CRA is here — and software teams can’t ignore it anymore. 🎙️ New Sushi Bytes episode: Gary Armstrong breaks down CRA milestones, SBOM obligations, and what teams must act on in 2026. 🎧 Listen now - buff.ly/Kr2Hqi8 #SBOM #EUCRA #OpenSource #DevOps

Drop your thoughts in the comments or send us a DM… we’re listening, and your feedback will shape what comes next. Season 2 coming soon 🚀 buff.ly/J9UiFHv (4/4)

We’re focused on making the next season even more practical and impactful. Tell us: What episodes or topics were the most valuable? What should we do less of? What challenges are top of mind for you right now? What topics should we cover in 2026? (3/4)

🎉 That’s a wrap on Season 1 of Sushi Bytes! 🍣 Ten episodes in the books… and we hope you enjoyed the conversations, insights, and practical takes on open source, software supply chains, and modern development. (1/4)