
Fossid Podcasts

 
Sushi Bytes is an unapologetically AI-generated podcast brought to you by Shinobi, FossID’s vigilant Software Composition Analysis ninja. In each bite-sized episode, Shinobi breaks down the evolving world of software supply chain integrity – from open-source license compliance and vulnerability disclosure to SBOM standards, IP risks, and AI-generated code implications. With a surge in regulatory scrutiny and AI adoption, the software stack is becoming harder to manage – and riskier to ignore ...
 
In this episode of Sushi Bytes, Shinobi and Gen unpack the high-stakes reality of code snippets: when small fragments of open source code make their way into proprietary applications and go undetected by traditional SCA tools. From copy-pasted Stack Overflow answers to AI-generated code functions, these sometimes-small code segments can carry seriou…
 
Not every Software Composition Analysis (SCA) tool reveals what’s really haunting your code. In this Halloween-themed episode of Sushi Bytes, Shinobi and Gen explore why comparing SCA tools is trickier than it seems—and what engineering and compliance teams should look for under the mask. From snippet detection and modified code to license clarity,…
 
Developer experience and productivity are critical, but so is copyright and license compliance. In this episode of Sushi Bytes, Shinobi and Gen talk about the tug-of-war between productivity-centric engineering teams and risk-averse legal teams. Who will win? Tune in to hear how modern SCA tooling can align speed with safety, automate away this fri…
 
In this episode of Sushi Bytes, Shinobi and Gen dive into the hidden risk of license drift – when the open source license declared in metadata files like package.json or README doesn’t match the actual licenses embedded in the source code. It’s a common problem with serious consequences, especially in embedded systems or M&A deals. The duo explores…
 
AI-assisted coding is accelerating development, but also creating compliance headaches. In this episode of Sushi Bytes, Shinobi and Gen unpack the legal gray zones around AI-generated code: Who owns it? Is it safe to use? What happens if it’s trained on GPL-licensed data? If your team uses GitHub Copilot, ChatGPT, or Claude, there’s a good chance y…
 
Your software has a supply chain. Your SBOM is supposed to tell you what’s inside. But what makes a Software Bill of Materials truly useful, and why is everyone suddenly asking for one? In this episode of Sushi Bytes, Shinobi unpacks what an SBOM is, why regulatory pressure is turning it from best practice to business-critical and why spinning off …
 
Not every vulnerability in your SBOM is a real threat. That’s where VEX comes in. In this episode of Sushi Bytes, Shinobi and Gen explore the Vulnerability Exploitability eXchange… what it is, why it matters, and how it helps teams focus on the vulnerabilities that actually matter. From cutting through alert fatigue to avoiding the growing mess of …
 
Welcome to Sushi Bytes – FossID’s bite-sized, AI-generated podcast hosted by Shinobi, your sharp-eyed Software Composition Analysis ninja. In this debut episode, Shinobi breaks down what “software supply chain integrity” really means… and why it’s now a board-level concern. From open source license compliance to AI-generated code and SBOMs, we expl…