CNCF [Cloud Native Computing Foundation]

SBOMs That You Can Trust - The Good, the Bad, and the Ugly

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore the critical aspects of ensuring trustworthy Software Bills of Materials (SBOMs) in this 29-minute conference talk from the Cloud Native Computing Foundation (CNCF). Delve into the often-overlooked elements of SBOM reliability throughout its lifecycle, from generation to storage, distribution, and processing. Learn to identify potential pitfalls and ask crucial questions about your organization's SBOM practices. Discover how to leverage open-source tools and specifications such as in-toto attestations, Content Addressable Store, Supply-chain Levels for Software Artifacts (SLSA), and Sigstore to create uniquely identifiable, unforgeable, complete, and accessible SBOMs. Gain insights into implementing end-to-end SBOM solutions and other metadata, such as VEX documents and vulnerability scans, that meet the highest trust standards required in future software supply chains.

Syllabus

SBOMs That You Can Trust - the Good, the Bad, and the Ugly - Miguel Martinez & Daniel Liszka

Taught by

CNCF [Cloud Native Computing Foundation]
