Explore the complexities of software supply chain security in this 34-minute conference talk from KubeCon + CloudNativeCon Europe. Delve into the challenges of identifying vulnerabilities and understanding the impact of potential compromises in the software supply chain. Learn about a novel supply chain knowledge graph tool that combines information from SBOMs, in-toto/SLSA attestations, and other sources to provide a comprehensive view of artifact relationships and dependencies. Discover how this approach can help answer critical questions about the extent of potential security breaches and reveal often-overlooked dependencies in build systems. Gain insights into improving your organization's ability to assess and mitigate risks in the increasingly sophisticated landscape of supply chain attacks.
Supply Chain Security: Building a Knowledge Graph for Artifact Relationships
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
It's Dangerous To SLSA Alone Out There! Take This Artifact... - Mihai Maruseac & Michael Lieberman
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Supply Chain Risk Management with OWASP Dependency-Check
-
Eliminating the Unknowns: Using GUAC to Better Understand Your Software Supply Chain
-
Where Is the GUAC? - Understanding Artifact Composition in Software Supply Chains
-
Achieving End-to-End Software Supply Chain Security with in-toto
-
SLSA in Action: Securing the Software Supply Chain
-
Securing Python Projects Supply Chain
