Research Article

Adaptive Risk-based Enforcement using SBOM Automation for Secure Software Supply Chains

by Sri Sowmya Nemani
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 187 - Number 56
Year of Publication: 2025
Authors: Sri Sowmya Nemani
DOI: 10.5120/ijca2025925990

Sri Sowmya Nemani. Adaptive Risk-based Enforcement using SBOM Automation for Secure Software Supply Chains. International Journal of Computer Applications. 187, 56 (Nov 2025), 61-63. DOI=10.5120/ijca2025925990

@article{ 10.5120/ijca2025925990,
author = { Sri Sowmya Nemani },
title = { Adaptive Risk-based Enforcement using SBOM Automation for Secure Software Supply Chains },
journal = { International Journal of Computer Applications },
issue_date = { Nov 2025 },
volume = { 187 },
number = { 56 },
month = { Nov },
year = { 2025 },
issn = { 0975-8887 },
pages = { 61-63 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume187/number56/adaptive-risk-based-enforcement-using-sbom-automation-for-secure-software-supply-chains/ },
doi = { 10.5120/ijca2025925990 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2025-11-18T21:11:06.825794+05:30
%A Sri Sowmya Nemani
%T Adaptive Risk-based Enforcement using SBOM Automation for Secure Software Supply Chains
%J International Journal of Computer Applications
%@ 0975-8887
%V 187
%N 56
%P 61-63
%D 2025
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Nowadays, many developers rely on third-party and open-source libraries that integrate directly into production software. However, it is critical to understand what is being integrated and who maintains it. The hidden security and governance risks within unmanaged dependencies continue to expose organizations to software supply chain attacks and compliance violations. Software Bills of Materials (SBOMs), in formats such as SPDX and CycloneDX, provide visibility into third-party components. This paper discusses how SBOMs can be automatically generated from development code and integrated into CI/CD pipelines for continuous risk assessment. The model proposed in this study ensures that every build produces an auditable SBOM, allowing the security team to continuously review, mitigate, or apply compensating controls for identified risks.
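As an added illustration of the kind of pipeline gate the abstract describes (example code written for this page, not code from the paper or its repository), the following Python evaluates a constructed CycloneDX SBOM against an assumed risk policy and returns a per-component verdict and a build-level decision. The scoring weights, blocking threshold, vulnerability feed and compensating-control registry are all assumptions for the example.

```python
import json

# Constructed CycloneDX-style SBOM, as a CI step would receive it from a generator
# (sample data for this example, not from the paper).
SBOM_JSON = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"type": "library", "name": "requests", "version": "2.31.0",
     "purl": "pkg:pypi/requests@2.31.0", "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "leftpad-clone", "version": "0.0.1",
     "purl": "pkg:npm/leftpad-clone@0.0.1", "licenses": []},
    {"type": "library", "name": "oldcrypto", "version": "1.0.2",
     "purl": "pkg:pypi/oldcrypto@1.0.2", "licenses": [{"license": {"id": "MIT"}}]},
]})

# Constructed risk inputs the security team maintains outside the build: a vulnerability
# feed keyed by purl, licenses the organisation rejects, and approved compensating controls.
KNOWN_VULNERABLE = {"pkg:pypi/oldcrypto@1.0.2": "HIGH"}
DENIED_LICENSES = {"GPL-3.0-only"}
COMPENSATING_CONTROLS = {"pkg:pypi/oldcrypto@1.0.2": "network-isolated; egress allowlist"}
SEVERITY_SCORE = {"CRITICAL": 10, "HIGH": 7, "MEDIUM": 4, "LOW": 1}


def score_component(comp):
    """Return (risk score, reasons) for one SBOM component; weights are illustrative."""
    score, reasons = 0, []
    sev = KNOWN_VULNERABLE.get(comp.get("purl", ""))
    if sev:
        score += SEVERITY_SCORE[sev]
        reasons.append(f"known vulnerability ({sev})")
    ids = {lic.get("license", {}).get("id") for lic in comp.get("licenses", [])}
    if not ids:
        score += 3
        reasons.append("no license declared")
    elif ids & DENIED_LICENSES:
        score += 5
        reasons.append("denied license")
    return score, reasons


def enforce(sbom_json, block_at=7):
    """Per-component verdict plus a build-level pass/fail, as a CI gate would return."""
    decisions = {}
    for comp in json.loads(sbom_json)["components"]:
        score, reasons = score_component(comp)
        purl = comp.get("purl", comp["name"])
        if score >= block_at:
            # High risk blocks the build unless an approved compensating control exists.
            verdict = "allow-with-control" if purl in COMPENSATING_CONTROLS else "block"
        else:
            verdict = "review" if score else "allow"
        decisions[purl] = (verdict, score, reasons)
    return all(v[0] != "block" for v in decisions.values()), decisions
```

Running `enforce(SBOM_JSON)` on the sample data passes the build: the vulnerable component is allowed only because a compensating control is registered for it, while the unlicensed one is flagged for review.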

Index Terms

Computer Science
Information Sciences

Keywords

Software Bill of Materials (SBOM), Supply Chain Security, CI/CD, DevSecOps, Risk Mitigation, CMDB, Infrastructure as Code (IaC)