https://answer.freetools.me/tags/sbom/ Recent content in SBOM on Answer Hugo -- 0.152.2 zh-cn Sat, 07 Mar 2026 11:32:20 +0800 https://answer.freetools.me/%E9%94%81%E6%96%87%E4%BB%B6%E7%9A%84%E4%B8%A4%E9%9A%BE%E5%9B%B0%E5%A2%83%E4%B8%BA%E4%BD%95%E7%A1%AE%E5%AE%9A%E6%80%A7%E6%9E%84%E5%BB%BA%E7%9A%84%E5%AE%88%E6%8A%A4%E8%80%85%E6%88%90%E4%BA%86%E6%94%BB%E5%87%BB%E8%80%85%E7%9A%84%E6%8D%B7%E5%BE%84/ Sat, 07 Mar 2026 11:32:20 +0800 https://answer.freetools.me/%E9%94%81%E6%96%87%E4%BB%B6%E7%9A%84%E4%B8%A4%E9%9A%BE%E5%9B%B0%E5%A2%83%E4%B8%BA%E4%BD%95%E7%A1%AE%E5%AE%9A%E6%80%A7%E6%9E%84%E5%BB%BA%E7%9A%84%E5%AE%88%E6%8A%A4%E8%80%85%E6%88%90%E4%BA%86%E6%94%BB%E5%87%BB%E8%80%85%E7%9A%84%E6%8D%B7%E5%BE%84/ 锁文件是确定性构建的基石，但也是供应链攻击的隐形后门。本文深入分析锁文件的设计权衡、安全陷阱和不同包管理器的实现差异，揭示确定性构建背后的复杂性博弈。 https://answer.freetools.me/%E8%BD%AF%E4%BB%B6%E4%BE%9B%E5%BA%94%E9%93%BE%E6%94%BB%E5%87%BB%E4%B8%80%E6%9D%A1%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%A6%82%E4%BD%95%E6%84%9F%E6%9F%93%E5%85%A8%E7%90%83%E5%8D%81%E5%85%AB%E4%B8%87%E5%8F%B0%E6%9C%8D%E5%8A%A1%E5%99%A8/ Fri, 06 Mar 2026 04:38:02 +0800 https://answer.freetools.me/%E8%BD%AF%E4%BB%B6%E4%BE%9B%E5%BA%94%E9%93%BE%E6%94%BB%E5%87%BB%E4%B8%80%E6%9D%A1%E6%81%B6%E6%84%8F%E4%BB%A3%E7%A0%81%E5%A6%82%E4%BD%95%E6%84%9F%E6%9F%93%E5%85%A8%E7%90%83%E5%8D%81%E5%85%AB%E4%B8%87%E5%8F%B0%E6%9C%8D%E5%8A%A1%E5%99%A8/ 深入剖析软件供应链攻击的技术原理与防御策略。从SolarWinds的SUNBURST后门到npm生态系统的投毒风暴，系统梳理攻击者如何利用开源生态的信任链发起致命打击。详细分析依赖混淆、typosquatting、维护者账号劫持等攻击向量，以及SLSA框架、SBOM、Sigstore等防御体系的演进历程。