Chalk: Open-source software security and infrastructure visibility tool
Chalk is a free, open-source tool that helps improve software security.
You add a single line to your build script, and it will automatically collect and inject metadata into every build artifact: source code, binaries, and containers.
Chalk enables complete visibility across the development process, from the moment a developer first writes the code through the entire lifetime of the container that hosts it.
Chalk also simplifies compliance: it produces SBOMs, embeds code provenance details, and digitally signs them.
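The mechanism described above (provenance metadata recorded alongside a build artifact, then signed so a consumer can check both) looks roughly like this in miniature. This is an added illustration, not Chalk's code, and it does not use Chalk's formats or output; the artifact bytes, repository URL, commit id, builder name and signing key are constructed placeholders, and an HMAC stands in for the asymmetric signature a real tool would produce.

```python
import hashlib
import hmac
import json

# Constructed sample inputs; in a real pipeline these come from the build system.
SAMPLE_ARTIFACT = b"\x7fELF pretend-binary-bytes v1"
SIGNING_KEY = b"stand-in-for-a-real-signing-key"  # placeholder, not a real secret


def artifact_digest(data: bytes) -> str:
    """Content hash that ties the provenance record to one exact artifact."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


def build_provenance(artifact: bytes, repo: str, commit: str,
                     builder: str, built_at: str) -> dict:
    """Minimal provenance record: what was built, from where, by whom, when."""
    return {
        "artifact": artifact_digest(artifact),
        "source": {"repo": repo, "commit": commit},
        "builder": builder,
        "built_at": built_at,
    }


def canonical(record: dict) -> bytes:
    # Deterministic serialization so signer and verifier MAC identical bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sign(record: dict, key: bytes) -> dict:
    """Attach a MAC over the canonical record (stand-in for a digital signature)."""
    tag = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "signature": tag}


def verify(report: dict, artifact: bytes, key: bytes) -> tuple:
    """Check the report is untampered AND describes the artifact in hand."""
    expected = hmac.new(key, canonical(report["record"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, report["signature"]):
        return (False, "signature mismatch: report altered or signed with another key")
    if report["record"]["artifact"] != artifact_digest(artifact):
        return (False, "artifact digest mismatch: binary does not match signed provenance")
    return (True, "ok")


def demo() -> dict:
    """Run the three cases a consumer cares about and return the outcomes."""
    report = sign(build_provenance(
        SAMPLE_ARTIFACT,
        repo="https://example.invalid/org/repo",   # placeholder
        commit="0123abcd",                          # placeholder
        builder="ci-runner-1",                      # placeholder
        built_at="2023-10-03T00:00:00Z",
    ), SIGNING_KEY)
    # Someone edits the record after signing (e.g. claims a different builder).
    forged = {"record": dict(report["record"], builder="unknown"),
              "signature": report["signature"]}
    return {
        "genuine": verify(report, SAMPLE_ARTIFACT, SIGNING_KEY),
        "swapped_binary": verify(report, SAMPLE_ARTIFACT + b"\x00", SIGNING_KEY),
        "edited_record": verify(forged, SAMPLE_ARTIFACT, SIGNING_KEY),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The two failure paths are the point: a swapped binary fails the digest check even though the report itself is intact, and an edited report fails the signature check even though the binary is the right one. A registry that stores these reports centrally, as the article describes, can run exactly this pair of checks before trusting any artifact.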
"That basic use case means most users can shut off code scanning on the majority of their code repos, shutting down the noise and the busy work people have to do looking at it, but also saving massive amounts of money on wasted tools licenses," Mark Curphey, Co-Founder of Crash Override, told Help Net Security.
"A great and topical one is automatically generating software security supply chain reports. Chalk will generate an SBOM, add build provenance data about where the code came from and who built it, something required by the US gov directives and where no other automated solution exists, and then to top it all, digitally signs it all in a report and sends it to a central report registry. That use case is huge, just huge," he concluded.
News URL
https://www.helpnetsecurity.com/2023/10/03/chalk-open-source-software-security-tool/