Delivering Secure and Compliant Software Components with OCM and GitOps

Explore the Open Component Model (OCM) and its integration with GitOps in this 27-minute talk by Dan Small from SAP SE. Learn how OCM, an open standard with an open-source toolkit, describes software components in a technology-agnostic, machine-readable format and automates continuous deployment via GitOps. Discover the concept of Software Bill of Delivery (SBoD) for tracking all artifacts of complex products, and understand how OCM serves as a single source of truth for required operations. Gain insights into the security and compliance benefits of OCM and GitOps Localization, including air-gapped environments, offline CI/CD, end-to-end supply chain shielding, and cloud application migration. Witness a demonstration on deploying signed, attestable, and verifiable artifacts in environments with limited or no connectivity, particularly for high-security and regulated clouds. The talk covers topics such as automation, deployment descriptors, localization rules, component archives, and component version YAML files.