FossID

Sushi Bytes

Sushi Bytes is an unapologetically AI-generated podcast brought to you by Shinobi, FossID’s vigilant Software Composition Analysis ninja. In each bite-sized episode, Shinobi breaks down the evolving world of software supply chain integrity – from open-source license compliance and vulnerability disclosure to SBOM standards, IP risks, and AI-generated code implications. With a surge in regulatory scrutiny and AI adoption, the software stack is becoming harder to manage – and riskier to ignore. Sushi Bytes offers sharp, fast insights for engineering leaders, open-source program managers, and leg...

Koniecznie odwiedź stronę podcastu i wesprzyj twórcę: www.buzzsprout.com

Autor

FossID

Kategoria

Technology

Strona podcastu

www.buzzsprout.com

Ostatni odcinek

17 cze 2026

Gdzie słuchać?

Podcasty w aplikacji Replaio Radio Już wkrótce

Podcasty trafią do aplikacji już wkrótce. Zainstaluj teraz i jako pierwszy zobacz nowe podejście do podcastów

Pobierz z Google Play Zainstaluj za darmo Android 5 mln+ pobrań · ocena 4,8 iOS niedługo

Odcinki

When AI Makes Coding Cheaper but Compliance Expensive 17.06.2026

AI-assisted development is changing the economics of software engineering. Code is becoming faster and cheaper to create, but for enterprise teams, the work required to verify that code is safe, compliant, and ready to ship is becoming more important – and potentially more expensive. In this episode of Sushi Bytes , Gen and Shinobi explore the hidden cost shift behind AI-driven development. As eng...

Agentic SCA is the Next Evolution in Software Supply Chain Integrity 16.04.2026

AI didn’t just change how you build software, it broke your process for inspecting it for open source license compliance and security vulnerabilities. In this episode of Sushi Bytes, Shinobi and Gen reconnect with Aaron Branson to unpack FossID’s newly announced Agentic SCA strategy – and why the timing couldn’t be better after our last conversation on SCA in the AI Era. As code generation acceler...

Software Composition in the AI Era 24.03.2026

AI is changing how software gets written – but what does that mean for open source compliance and software supply chain security? In this episode of Sushi Bytes, Shinobi and Gen explore SCA in the AI era. As development shifts from prompts to autonomous agents, tool-augmented workflows, and spec-driven engineering, traditional software composition analysis workflows need to evolve. They break down...

Modern Software Bigger SCA Expectations 19.03.2026

For years, Software Composition Analysis focused on managing open source consumption and the related legal and security risks – and that was enough. Today, it isn’t. In this episode of Sushi Bytes , Shinobi and Gen sit down with Aaron Branson to unpack why SCA must evolve to meet modern software realities: AI-generated code with unclear provenance, developers contributing back to open source witho...

CRA in Practice: SBOMs, Vulnerabilities, and Real Action Required in 2026 10.02.2026

In the first episode of Sushi Bytes Season Two, Shinobi and Gen welcome Gary Armstrong, Senior Director of Customer Success at FossID, for a practical conversation on what the CRA really requires in 2026 and 2027. Based on Gary’s recent whitepaper, Software Supply Chain Integrity and SBOM Obligations under the EU Cyber Resilience Act, this episode cuts through the noise to explain what you need to...

Due Diligence Déjà Vu: License Compliance in Software M&A 29.12.2025

Startups are moving fast – fueled by AI-generated code, experimental “vibe coding,” and a breakneck pace of shipping software. But when those startups become acquisition targets, things can get messy. In this episode, Shinobi goes solo (with Gen temporarily sidelined by a network outage) to unpack how this new wave of coding introduces license risk that traditional SBOMs miss. Learn why SCA-powere...

CRAzy Requirements: What the Cyber Resilience Act Means for Your SBOM 02.12.2025

The EU Cyber Resilience Act (CRA) is reshaping global expectations for software security – and putting Software Bill of Materials (SBOMs) at the center of compliance. In this episode, Shinobi and Gen break down what the CRA requires, how it compares to U.S. regulations, and what engineering and legal teams must do now to stay ahead. Whether you're shipping to Europe or just want to future-pro...

Snippet Detection: Small Code, Big Compliance Risk 13.11.2025

In this episode of Sushi Bytes, Shinobi and Gen unpack the high-stakes reality of code snippet: when small fragments of open source code make their way into proprietary applications and go undetected by traditional SCA tools. From copy-pasted Stack Overflow answers to AI-generated code functions, these sometimes-small code segments can carry serious licensing obligations. Learn why simplistic depe...

Unmasked: What to Look for in Picking the Right SCA Tool 13.11.2025

Not every Software Composition Analysis (SCA) tool reveals what’s really haunting your code. In this Halloween-themed episode of Sushi Bytes, Shinobi and Gen explore why comparing SCA tools is trickier than it seems—and what engineering and compliance teams should look for under the mask. From snippet detection and modified code to license clarity, SBOM formats, and audit readiness, this episode o...

Developer Velocity vs. Legal Risk: The Latest Software Engineering Tug-of-War 13.11.2025

Developer experience and productivity are critical, but so is copyright and license compliance. In this episode of Sushi Bytes, Shinobi and Gen talk about the tug-of-war between productivity-centric engineering teams and risk-averse legal teams. Who will win? Tune in to hear how modern SCA tooling can align speed with safety, automate away this friction, and give both devs and compliance leaders w...

The Real Risk of License Drift 13.11.2025

In this episode of Sushi Bytes , Shinobi and Gen dive into the hidden risk of license drift – when the open source license declared in metadata files like package.json or README doesn’t match the actual licenses embedded in the source code. It’s a common problem with serious consequences, especially in embedded systems or M&A deals. The duo explores why relying on metadata alone can mislead en...

AI-Generated Code: The Legal Unknown in Your Repo 13.11.2025

AI-assisted coding is accelerating development, but also creating compliance headaches. In this episode of Sushi Bytes, Shinobi and Gen unpack the legal gray zones around AI-generated code: Who owns it? Is it safe to use? What happens if it’s trained on GPL-licensed data? If your team uses GitHub Copilot, ChatGPT, or Claude, there’s a good chance your codebase already includes AI-generated snippet...

What’s in Your SBOM? 12.11.2025

Your software has a supply chain. Your SBOM is supposed to tell you what’s inside. But what makes a Software Bill of Materials truly useful; and why is everyone suddenly asking for one? In this episode of Sushi Bytes, Shinobi unpacks what an SBOM is, why regulatory pressure is turning it from best practice to business-critical and why spinning off “AI-BOMs” and “API-BOMs” just adds noise. Software...

VEX Marks the Spot 12.11.2025

Not every vulnerability in your SBOM is a real threat. That’s where VEX comes in. In this episode of Sushi Bytes, Shinobi and Gen explore the Vulnerability Exploitability eXchange… what it is, why it matters, and how it helps teams focus on the vulnerabilities that actually matter. From cutting through alert fatigue to avoiding the growing mess of BOM spinoffs, this duo keeps it sharp, practical,...

Introducing Sushi Bytes 12.11.2025

Welcome to Sushi Bytes – FossID’s bite-sized, AI-generated podcast hosted by Shinobi, your sharp-eyed Software Composition Analysis ninja. In this debut episode, Shinobi breaks down what “software supply chain integrity” really means… and why it’s now a board-level concern. From open source license compliance to AI-generated code and SBOMs, we explore the risks hiding in your codebase and the stra...

Słuchaj podcastu Sushi Bytes w Replaio

Radio i podcasty w jednej aplikacji - za darmo, bez zakładania konta. Zainstaluj już dziś i nie przegap premiery

Pobierz z Google Play

Replaio nie jest wydawcą podcastów; nazwy audycji, okładki i audio należą do ich autorów i są rozpowszechniane przez publiczne kanały RSS