Linux Foundation

Software Supply Chain with the Yocto Project

Linux Foundation via YouTube

Overview

Explore the Yocto Project's approach to software supply chain management in this 32-minute conference talk by Joshua Watt from Garmin. Delve into the importance of software supply chains and learn how the Yocto Project addresses key concerns. Discover the process of building images from source code, understand the concept of a Software Bill of Materials (SBOM), and examine recipe metadata and SBOM relationships. Gain insights into enabling SPDX generation and future improvements in the pipeline. Investigate the significance of reproducible builds, the association of binary output with recipe hashes, and tracing target images back to recipe outputs. Learn about reproducibility testing, extending quality assurance tests, and CVE tracking within the Yocto Project. Explore CVE metrics and how buildtools replace host tools to extend the supply chain.

Syllabus

Intro
Yocto Project and OpenEmbedded
Why is the Software Supply Chain Important?
Addressing The Supply Chain
Build Images from Source Code
Simplified Build Flow
What is an SBOM?
Recipe Metadata
SBOM Relationships
Enabling SPDX Generation
Future Improvements
Why do we need reproducible builds?
Binary output should associate with recipe hashes
Tracing target images back to recipe outputs
Reproducibility Testing
Extending Quality Assurance Test
CVE Tracking from Yocto Project
CVE Metrics
Buildtools replaces Host tools
Using Buildtools to extend the Supply Chain

Taught by

Linux Foundation
