EPISODE · Jun 15, 2026 · 9 MIN
How SRE Teams Use Software Bill of Materials for Supply Chain Security
from The Site Reliability Podcast with Fexingo: SRE, Uptime, and Production Engineering · host Fexingo
In this episode of The Site Reliability Podcast, Lucas and Luna dive into the growing importance of the Software Bill of Materials (SBOM) for securing software supply chains. They use the 2024 XZ Utils backdoor as a concrete case study to explain how a single maintainer's burnout led to a critical vulnerability that an SBOM could have caught earlier. Lucas breaks down what an SBOM is, how it works with dependency graphs, and why the US Executive Order on Cybersecurity now mandates them for federal suppliers. Luna asks about practical implementation challenges, including tooling like SPDX and CycloneDX, and the conversation explores how SRE teams can automate SBOM generation in CI/CD pipelines. They also touch on the trade-offs between transparency and operational overhead. The episode includes a short, organic donor segment tied to the value of free, in-depth tech content.

#SBOM #SoftwareBillOfMaterials #SupplyChainSecurity #XZUtils #OpenSource #DependencyGraph #Cybersecurity #ExecutiveOrder #SPDX #CycloneDX #CI/CD #SRE #SiteReliabilityEngineering #Uptime #IncidentResponse #Technology #FexingoBusiness #BusinessPodcast

Keep every episode free: buymeacoffee.com/fexingo