Sushi Bytes
Sushi Bytes is an unapologetically AI-generated podcast brought to you by Shinobi, FossID’s vigilant Software Composition Analysis ninja. In each bite-sized episode, Shinobi breaks down the evolving world of software supply chain integrity – from open-source license compliance and vulnerability disclosure to SBOM standards, IP risks, and AI-generated code implications.
With a surge in regulatory scrutiny and AI adoption, the software stack is becoming harder to manage – and riskier to ignore. Sushi Bytes offers sharp, fast insights for engineering leaders, open-source program managers, and legal professionals navigating the intersection of compliance, code, and code generation.
Episodes
11 episodes
CRA in Practice: SBOMs, Vulnerabilities, and Real Action Required in 2026
In the first episode of Sushi Bytes Season Two, Shinobi and Gen welcome Gary Armstrong, Senior Director of Customer Success at FossID, for a practical conversation on what the CRA really requires in 2026 and 2027. Based on Gary’s recent whitepa...
Episode 11 • 7:48
Due Diligence Déjà Vu: License Compliance in Software M&A
Startups are moving fast – fueled by AI-generated code, experimental “vibe coding,” and a breakneck pace of shipping software. But when those startups become acquisition targets, things can get messy. In this episode, Shinobi goes solo (with Ge...
Episode 10 • 4:06
CRAzy Requirements: What the Cyber Resilience Act Means for Your SBOM
The EU Cyber Resilience Act (CRA) is reshaping global expectations for software security – and putting Software Bill of Materials (SBOMs) at the center of compliance. In this episode, Shinobi and Gen break down what the CRA requires, how it com...
Episode 9 • 5:50
Developer Velocity vs. Legal Risk: The Latest Software Engineering Tug-of-War
Developer experience and productivity are critical, but so is copyright and license compliance. In this episode of Sushi Bytes, Shinobi and Gen talk about the tug-of-war between productivity-centric engineering teams and risk-averse legal teams...
Episode 8 • 4:41
Unmasked: What to Look for in Picking the Right SCA Tool
Not every Software Composition Analysis (SCA) tool reveals what’s really haunting your code. In this Halloween-themed episode of Sushi Bytes, Shinobi and Gen explore why comparing SCA tools is trickier than it seems—and what engineering and com...
Episode 7 • 5:55
Snippet Detection: Small Code, Big Compliance Risk
In this episode of Sushi Bytes, Shinobi and Gen unpack the high-stakes reality of code snippets: when small fragments of open source code make their way into proprietary applications and go undetected by traditional SCA tools. From copy-pa...
Episode 6 • 5:07
AI-Generated Code: The Legal Unknown in Your Repo
AI-assisted coding is accelerating development, but also creating compliance headaches. In this episode of Sushi Bytes, Shinobi and Gen unpack the legal gray zones around AI-generated code: Who owns it? Is it safe to use? What happens if it’s t...
Episode 5 • 4:18
The Real Risk of License Drift
In this episode of Sushi Bytes, Shinobi and Gen dive into the hidden risk of license drift – when the open source license declared in metadata files like package.json or README doesn’t match the actual licenses embedded in the source c...
Episode 4 • 4:28
VEX Marks the Spot
Not every vulnerability in your SBOM is a real threat. That’s where VEX comes in. In this episode of Sushi Bytes, Shinobi and Gen explore the Vulnerability Exploitability eXchange… what it is, why it matters, and how it helps teams focus on the...
Episode 3 • 5:20