Overview
Syllabus
Intro
Backstory
Am I safe
SBOMs
What is Trust
Time dependent
Build process
Deep scanning
Build tools
What is a build tool
Compilers
Linkers
Shared Objects
Code Generators
RPM Files
Polyglot
Artifacts
Nonsolutions
Minimum elements
Minimum identifiers
How to identify things
Git
Object IDs
Generalizing
Input manifest
Input manifest identifier
Embed input manifest identifier in output artifacts
Artifact dependency graph
Merkle tree
OmniBOR
OmniBOR Community
What is an SBOM
CVEs
patch
response teams
questions
open database
artifact dependency graphs
call your supplier
other questions
adoption tooling
call for action
hash
sha
the blog post
the build tool
broken reproducibility
Taught by
Linux Foundation