Explore the power of Software Bill of Materials (SBOM) and Vulnerability Exploitability eXchange (VEX) in container image assessment through this informative conference talk. Discover how Wolfi, an open-source container-optimized Linux distribution, achieves comprehensive SBOM coverage by accounting for components from each package source code. Learn to analyze and verify SBOMs, understand their construction process, and explore how Wolfi tooling automatically generates OpenVEX documents for newly disclosed CVEs, reducing false positives in security scans. Witness a live demonstration of building a cloud-native application image that includes a complete SBOM and VEX data, showcasing the practical implementation of these powerful security and vulnerability management tools.
Enabling VEX and Full SBOM Coverage with Wolfi Based Containers
Overview
Syllabus
Enabling VEX and Full SBOM Coverage with Wolfi Based Containers - Adolfo GarcÃa Veytia, Chainguard
Taught by
Linux Foundation
Tags
Related Courses
-
How to Reduce CVE Noise with VEX - Vulnerability-Exploitability eXchange
-
SBOMs, VEX, and Kubernetes - Software Supply Chain Security in Cloud Native Environments
-
How to Generate VEX Automatically for Your Project
-
Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor
-
Secure Your Supply Chain: Adding a Software Bill of Materials to Containers for Improved Vulnerability Scanning
-
VEXinating Container Images: The European Approach to Software Supply Chain Security
