Explore the intricacies of building, signing, and distributing SPDX Software Bill of Materials (SBOMs) as an Artifact Reference Type in this 29-minute conference talk presented by Steve Lasker from Microsoft and Justin Cormack from Docker at a Linux Foundation event. Delve into the Supply Chain Artifact Types, challenges, and the role of registries and reference types in the software supply chain. Gain insights on Artifact Reference Type principals, various reference types, and the process of artifact copying. Learn about OCI Artifact Reference Types and their significance in modern software development and distribution practices.
Building, Signing, and Distributing SPDX SBOMs as Artifact Reference Type
Overview
Syllabus
SUPPLY CHAIN TOWN HALL
CHAIN What are the Supply Chain Artifact Types
CHAIN Supply Chain Artifact Challenges
CHAIN Registries & Reference Types
CHAIN Artifact: Reference Type Principals
CHAIN Artifact: Reference Types
CHAIN Artifact Copying
CHAIN OCI Artifact Reference Types TOWN HALL
Taught by
Linux Foundation
Tags
Related Courses
-
Distributing Supply Chain Artifacts with OCI and ORAS Artifacts
-
Secure Container Supply Chain in Kubernetes the Easy Way
-
Improve Vulnerability Management with OCI Artifacts - It Is That Easy
-
Software Bill of Materials (SBoM) and Supply Chain with the Yocto Project - Generating and Using SBoMs
-
Building Supply Chain Policies with Gatekeeper and Ratify
-
Securing Python Projects Supply Chain
