Explore the critical aspects of software supply chain security in this 36-minute panel discussion from the Cloud Native Computing Foundation (CNCF). Dive into the world of Software Bill of Materials (SBOMs), Vulnerability Exploitability Exchange (VEX), and their applications in Kubernetes environments. Learn from industry experts as they discuss standardization efforts around CycloneDX and SPDX formats, and examine the emerging role of VEX in determining vulnerability exploitability. Gain practical insights into gathering, using, and handling SBOMs for containers running on Kubernetes and the underlying images. Discover use cases spanning open source projects, vendors, cloud providers, and highly regulated environments such as financial services and critical national infrastructure. Benefit from the deep expertise of panelists in SBOMs, VEX, supply chain security, and cloud native application security to enhance your understanding of these crucial topics in modern software development and deployment.
SBOMs, VEX, and Kubernetes - Software Supply Chain Security in Cloud Native Environments
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
SBOMs, VEX, and Kubernetes
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Kubernetes Security: Implementing Supply Chain Security
-
How to Reduce CVE Noise with VEX - Vulnerability-Exploitability eXchange
-
Securing the Software Supply Chain - SBOMs and Their Impact
-
Cloud Native Supply Chain Security: Beyond SBOMs - Perspectives and Practices
-
VEX Overview - Cybersecurity and Infrastructure Security Agency
-
Enabling VEX and Full SBOM Coverage with Wolfi Based Containers
