How SRE Teams Use Software Bill of Materials for Supply Chain Security

EPISODE · Jun 15, 2026 · 9 MIN


from The Site Reliability Podcast with Fexingo: SRE, Uptime, and Production Engineering · host Fexingo

In this episode of The Site Reliability Podcast, Lucas and Luna dive into the growing importance of the Software Bill of Materials (SBOM) for securing software supply chains. They use the 2024 XZ Utils backdoor as a concrete case study to explain how a single maintainer's burnout led to a critical vulnerability that an SBOM could have caught earlier. Lucas breaks down what an SBOM is, how it works with dependency graphs, and why the US Executive Order on Cybersecurity now mandates them for federal suppliers. Luna asks about practical implementation challenges, including tooling like SPDX and CycloneDX, and the conversation explores how SRE teams can automate SBOM generation in CI/CD pipelines. They also touch on the trade-offs between transparency and operational overhead. The episode includes a short, organic donor segment tied to the value of free, in-depth tech content.

#SBOM #SoftwareBillOfMaterials #SupplyChainSecurity #XZUtils #OpenSource #DependencyGraph #Cybersecurity #ExecutiveOrder #SPDX #CycloneDX #CI/CD #SRE #SiteReliabilityEngineering #Uptime #IncidentResponse #Technology #FexingoBusiness #BusinessPodcast

Keep every episode free: buymeacoffee.com/fexingo



Frequently Asked Questions

How long is this episode of The Site Reliability Podcast with Fexingo: SRE, Uptime, and Production Engineering?

This episode is 9 minutes long.

When was this The Site Reliability Podcast with Fexingo: SRE, Uptime, and Production Engineering episode published?

This episode was published on June 15, 2026.
