Discover how to enhance Software Bill of Materials (SBOM) creation and utilization in this informative conference talk. Explore the challenges of generating accurate and complete SBOMs while maintaining usability. Learn about the limitations of current Software Composition Analysis (SCA) based SBOM generation tools and their blind spots. Gain insights into a novel approach called "SBOM X-ray vision" that helps fill gaps in SBOM information. Understand how the Rekor transparency log and In-toto attestations can be leveraged to share SBOM data across projects using native CI integrations. Watch a demonstration of these new capabilities in action through the Syft tool, showcasing how to generate more comprehensive SBOMs. Enhance your understanding of SBOM creation and usage to improve software security and vulnerability response.
SBOM X-Ray Superpowers: Making Better SBOMs and Using SBOMs
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
SBOM X-Ray Superpowers: Making Better SBOMs, Using SBOMs - Brandon Lum& Chris Phillips
Taught by
CNCF [Cloud Native Computing Foundation]