Explore the critical importance of Software Bill of Materials (SBOM) in cybersecurity and supply chain management through this informative conference talk. Delve into the aftermath of Log4Shell and SpringShell vulnerabilities, and understand the significance of the US President's Executive Order 140028 and the EU's NIS2 directive in shaping cybersecurity practices. Learn about the effective use of SBOMs, including their capabilities, appropriate tools, implementation strategies, and underlying mechanisms. Discover how SBOMs surpass traditional dependency scanning in vulnerability resolution and offer comprehensive protection. Gain insights into integrating SBOMs into DevSecOps pipelines and leveraging their intelligence across various organizational roles. Examine practical examples focusing on Syft for SBOM generation and format transformation, as well as comparing Grype and bomber for vulnerability scanning and intelligence gathering.
Overview
Syllabus
[VDIASI23] - Olimpiu Pop & Steve Poole - A radiography of a SBOM vulnerability scanner
Taught by
Devoxx
Related Courses
-
The IT Ops Sessions: Generating a Software Bill of Materials for Docker Images
-
Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor
-
SBOM X-Ray Superpowers: Making Better SBOMs and Using SBOMs
-
Secure Your Supply Chain: Adding a Software Bill of Materials to Containers for Improved Vulnerability Scanning
-
Software Bill of Materials (SBOM) in Kubernetes - Best Practices and Approaches
-
From SBOM to Trusted Software Supply Chain - How Far Are We?
