We previously wrote about the launch of AnyTree, a software deployment system that provides source code-level security using cryptographic signatures and proprietary Deep SBOM technology.
AnyTree supports popular Git hosting platforms such as GitHub and GitLab, so developers can keep their existing workflows while adding security. Deep SBOM technology, in turn, addresses the problem of software reproducibility and verifiability.
Unlike a traditional static software bill of materials (SBOM), Deep SBOM provides an unprecedented level of transparency. It describes each step, resource, and dependency in detail, ensuring that software artifacts are accurately reproduced.
This process minimizes inconsistencies, vulnerabilities and the need for manual audits, bridging the gap between manual and automated security reviews.
To use AnyTree with GitHub:
1️⃣ Clone the AnyTree repository
2️⃣ Run the "make install" command
3️⃣ Generate the SBOM with the Python script
4️⃣ Build the application using the generated SBOM
Deep SBOM functionality extends to all Git users, improving security even if not all GOSH features are used.
AnyTree's core philosophy is based on the principles of trust, allowing developers to take advantage of untrusted signatures and immutable assemblies based on a trusted infrastructure.
💡 This approach provides additional security for the software supply chain, allowing you to instantly recognize errors and intrusions.
More details: in this article.