Explore the integration of Software Bill of Materials (SBOM) and enhanced vulnerability scanning in Harbor using OCI 1.1 in this informative conference talk. Discover how the rise of software supply chain attacks has increased interest in supply chain security through SBOM utilization. Learn about the SBOM integration between the Harbor project and Aqua Trivy scanner, including the current support for manually attaching SBOM artifacts to subject images. Understand how leveraging OCI distribution-spec 1.1 enables auto-generation and auto-association of SBOMs, enhancing software building process visibility. Gain insights into the streamlined vulnerability scanning process, which eliminates repetitive container image analysis. Explore the new Harbor scanner pluggable spec, offering compatibility and flexibility for large-scale container security management. Watch a demonstration of SBOM generation and scanning for vulnerabilities, providing practical knowledge for implementing these security measures in your own projects.
Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Enhancing Security and Software Supply Chain - Recent and Upcoming Features in Harbor
-
Improve Vulnerability Management with OCI Artifacts - It Is That Easy
-
A Radiography of a SBOM Vulnerability Scanner
-
Project Harbor: Year in Review and Future Roadmap
-
Secure Your Supply Chain: Adding a Software Bill of Materials to Containers for Improved Vulnerability Scanning
-
Securing Container Supply Chain in CI/CD with Notary Project, ORAS and Harbor
