Explore Google's journey in generating 100 million Software Bills of Materials (SBOMs) in response to the US White House Executive Order 14028. Discover the challenges faced, solutions implemented, and lessons learned as Google tackled the massive task of cataloging all their software. Gain insights into the organizational and engineering principles employed, including the involvement of various teams, the role of builders in SBOM generation, and the concept of attested SBOMs. Learn about the implementation of "less is more" approach and the utilization of Linux Foundation and Cloud Native Computing Foundation technologies such as SPDX, SLSA, and Intoto. Understand how Google navigated through questions regarding product selection, format choices, tooling decisions, responsibilities, storage solutions, and legal and privacy considerations to achieve SBOM compliance within a six-month timeframe.
Lessons Learned from Generating 100M SBOMs - Google's Approach to SBOM Compliance
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
We Built the Kubernetes SBOM and Now You Can Write Your Own
-
SBOM Implementation Reality - The SPDX Lite Profile for First Step
-
The Evolution of SBOMs in AlmaLinux
-
SBOMs for Embedded Systems - What's Working, What's Not
-
Composing the Ultimate SBOM - Creating Accurate and Modular Software Bill of Materials
-
Securing the Software Supply Chain - SBOMs and Their Impact
