Explore the innovative OmniBOR approach to supply chain security in this 31-minute conference talk by Frederick Kautz from SPIFFE/SPIRE. Discover how to overcome common challenges like false positives from SBOM scanners and time-consuming vulnerability verifications. Learn about a groundbreaking method for capturing the complete artifact dependency graph of your software as a direct output from build tools, rather than relying on post-build scans. Gain insights into the future of build tool integration and how this new approach can revolutionize your software security practices, saving time and improving accuracy in identifying real vulnerabilities.
OmniBOR: Bringing the Receipts for Supply Chain Security
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
OmniBOR: Bringing the Receipts for Supply Chain Security - Frederick Kautz, SPIFFE/SPIRE
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Developer Security Champion: Supply Chain Security
-
Trust No System: The Unsettling Reality of Zero Trust
-
OmniBOR: Bringing the Receipts for Supply Chain Security
-
SBOM is Coming - Why You Should Care and How You Can Help
-
Hyades - Dependency Track for Enterprise Supply Chain Security with SBOM
-
Zero-Trust Supply Chain Security with Sigstore, TektonCD and SPIFFE
