Explore a comprehensive conference talk on proving software safety through the use of Software Bill of Materials (SBOMs). Learn how to apply food industry safety practices to software development, understand the importance of knowing what's inside your applications, and discover the benefits of using SBOMs. Follow a step-by-step demonstration of creating and analyzing SBOMs for a sample application, compare different Python container images, and gain insights into storing and distributing SBOM files. Acquire valuable knowledge on enhancing software security, analyzing dependencies, and making informed decisions about the components used in your projects.
Overview
Syllabus
intro
preamble
short agenda
for future use...
from code to production
a random app step by step: worker.py
how is this done in the food industry?
food safety
it probably depends
it is nice to know what's inside
why not do the same with our
...boms are there to help
why use sboms?
did you see this?
was your app affected?
like food labels sboms tell you what's inside
example sbom snippet
more and more you can download them upfront
and analyze them before you install something
back to our app: worker.py
step 1: the code
shipping the app
building the container images
build result
sbom creation
source code analysis
our first image based on python:latest
can we do better: python:3.9.18-slim
let's try one more image: python:alpine
summary
storing sbom files
distributing sbom files
final words
interesting links
Taught by
Conf42
