Explore the intricacies of secure software supply chain metadata in this 37-minute conference talk from DockerCon 2023. Gain clarity on key concepts like SBOMs, SLSA, provenance, attestations, signatures, and VEX, and understand how they interconnect to enhance software supply chain security. Learn to create top-tier container images with signed SBOMs and provenance attestations using Docker tools that adhere to the highest supply chain standards. Discover how Docker BuildKit, Docker Scout, and GitHub Actions can be leveraged to implement these security measures. Get insights into the White House Executive Order on software supply chain security and its implications for development teams. Dive into the principles underpinning a secure software supply chain and explore various types of metadata crucial for maintaining security standards in container images.
Overview
Syllabus
Demystify Secure Software Supply Chain Metadata (DockerCon 2023)
Taught by
Docker