Explore an innovative approach to utilizing Software Bill of Materials (SBOMs) in a conference talk from KubeCon + CloudNativeCon Europe. Learn how Lockheed Martin leverages the CycloneDX Specification as a packaging standard to validate and transfer assets across network boundaries, particularly in secure environments with strict controls. Discover how this method enables development teams to update build dependencies without network connectivity and create "seeding" deployments for Cloud Native infrastructure. Witness a demonstration of Hoppr, an open-source tool with an extendable plugin architecture, designed for security validation and multi-team transfers using CycloneDX SBOMs. Gain insights into collecting items based on purls, running validation, and creating transfers for secure environments in this 26-minute presentation by Ian Dunbar-Hall and Jerod Heck.
Leveraging SBOMs to Automate Packaging, Transfer, and Reporting of Dependencies Between Secure Environments
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Leveraging SBOMS to Automate Packaging, Transfer, and Reporting of D... Ian Dunbar-Hall & Jerod Heck
Taught by
CNCF [Cloud Native Computing Foundation]