Understanding and Implementing Software Bill of Materials (SBOM) for Secure Development
Eclipse Foundation via YouTube
Overview
Learn how a Software Bill of Materials (SBOM) acts as the ingredient list for the components that go into a piece of software in this 40-minute conference talk from EclipseCon 2022. Discover why SBOMs are becoming essential for software security and supply-chain management in Red Hat engineer Shelley Lambert's presentation. Explore a real-world application using the Eclipse Temurin SBOM to understand how enterprise consumers can audit, trace, and secure what they ship. Cover key concepts including SBOM materials, storage formats, trusted-software initiatives such as SLSA (Supply-chain Levels for Software Artifacts, pronounced "salsa") and Tamron (as the chapter list spells it), frameworks, dependencies, and reproducible builds, including how comparing two builds of the same release exposes unexpected differences. Gain practical insight into Maven artifact management and security alerts, and see how SBOMs fit into the broader Secure Software Development Framework (NIST SSDF). Walk away equipped to produce and consume SBOMs in your own software development process, giving transparency and verifiability to your digital supply chain.
Syllabus
Intro
Agenda
What is an SBOM
SBOM Materials
List of Ingredients
Purpose
Tools
Storage Formats
SBOM Projects
Trusted Software Initiative
SLSA
Tamron
Frameworks
Dependencies
Config View
Reproducible Build Story
Comparing Builds
Positive Side Effects
Summary
Maven
Saving artifacts
Security alerts
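The chapter list above runs through the practical uses an SBOM consumer cares about: reading the list of ingredients, comparing two builds to check reproducibility, and acting on a security alert for one component. The following Python is an added example written for this page; it is not code from the talk or from the Adoptium/Temurin project. It imitates the CycloneDX JSON shape that Temurin's published SBOMs use, but the two documents, the component names and the hashes are constructed here for illustration.

```python
"""Audit a CycloneDX-style SBOM: list ingredients, diff two builds, triage an alert.

Added example for this page. The documents below imitate the CycloneDX JSON
shape (bomFormat/specVersion/metadata/components) but are constructed sample
data, not real Temurin SBOMs.
"""
import hashlib
import json


def _sbom(product, components):
    """Build a minimal CycloneDX 1.4 document from (name, version, sha256) tuples."""
    return json.dumps({
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "metadata": {"component": {"type": "application",
                                   "name": product["name"],
                                   "version": product["version"]}},
        "components": [
            {"type": "library", "name": n, "version": v,
             "hashes": [{"alg": "SHA-256", "content": h}]}
            for n, v, h in components
        ],
    })


# Two builds of the same release (constructed). Build B was rebuilt later and
# silently picked up a newer zlib plus a library that build A never contained.
BUILD_A = _sbom({"name": "example-jdk", "version": "17.0.2+8"}, [
    ("freetype", "2.12.1", hashlib.sha256(b"freetype-2.12.1").hexdigest()),
    ("zlib", "1.2.11", hashlib.sha256(b"zlib-1.2.11").hexdigest()),
])
BUILD_B = _sbom({"name": "example-jdk", "version": "17.0.2+8"}, [
    ("freetype", "2.12.1", hashlib.sha256(b"freetype-2.12.1").hexdigest()),
    ("zlib", "1.2.12", hashlib.sha256(b"zlib-1.2.12").hexdigest()),
    ("harfbuzz", "4.4.1", hashlib.sha256(b"harfbuzz-4.4.1").hexdigest()),
])


def ingredients(sbom_json):
    """Return {component name: (version, sha256 or None)} from a CycloneDX JSON string."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    out = {}
    for c in doc.get("components", []):
        sha = next((h["content"] for h in c.get("hashes", [])
                    if h.get("alg") == "SHA-256"), None)
        out[c["name"]] = (c.get("version"), sha)
    return out


def compare_builds(sbom_a, sbom_b):
    """Diff two SBOMs by component. A reproducible rebuild yields three empty lists."""
    a, b = ingredients(sbom_a), ingredients(sbom_b)
    return {
        "added": sorted(set(b) - set(a)),
        "removed": sorted(set(a) - set(b)),
        "changed": sorted(n for n in set(a) & set(b) if a[n] != b[n]),
    }


def is_reproducible(sbom_a, sbom_b):
    """True when both builds list identical components, versions and hashes."""
    d = compare_builds(sbom_a, sbom_b)
    return not (d["added"] or d["removed"] or d["changed"])


def verify_component(sbom_json, name, data):
    """Check downloaded component bytes against the SHA-256 the SBOM recorded.

    Returns False when the component is absent or carries no SHA-256, so a
    missing hash never passes as a match.
    """
    _version, expected = ingredients(sbom_json).get(name, (None, None))
    if expected is None:
        return False
    return hashlib.sha256(data).hexdigest() == expected


def affected_by_alert(sbom_json, name, vulnerable_versions):
    """Triage a security alert: the shipped version if it is in the affected set, else None."""
    version, _sha = ingredients(sbom_json).get(name, (None, None))
    return version if version in vulnerable_versions else None


if __name__ == "__main__":
    print("diff A->B:", compare_builds(BUILD_A, BUILD_B))
    print("reproducible:", is_reproducible(BUILD_A, BUILD_B))
    print("zlib alert hits build A:", affected_by_alert(BUILD_A, "zlib", {"1.2.11"}))
```

The diff is keyed on the full (version, hash) pair rather than on version alone: two builds can claim the same zlib version yet embed different bytes, and that is exactly the case a reproducible-build comparison exists to catch. The alert check takes an explicit set of affected versions instead of parsing version ranges, which keeps it correct for the odd version strings that appear in real SBOMs.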
Taught by
Eclipse Foundation