Overview
Syllabus
Intro
Yocto Project and OpenEmbedded
Why is the Software Supply Chain Important?
Addressing The Supply Chain
Build Images from Source Code
Simplified Build Flow
What is an SBOM?
Recipe Metadata
SBOM Relationships
Enabling SPDX Generation
Future Improvements
Why do we need reproducible builds?
Binary output should associate with recipe hashes
Tracing target images back to recipe outputs
Reproducibility Testing
Extending Quality Assurance Test
CVE Tracking from Yocto Project
CVE Metrics
Buildtools replaces Host tools
Using Buildtools to extend the Supply Chain
Taught by
Linux Foundation