Explore the concept of viewing images through layered Software Bills of Materials (SBOMs) in this 23-minute conference talk by Jim Clark, Principal Software Engineer at Docker. Learn how to generate SBOMs and see how packages are distributed across the layers of a Docker image. Discover why it matters to know which layer owns each package, how to track content across layers, and how to identify components shared between images. Examine the role of public data in this context and why this approach is valuable. Delve into strategies for reacting to findings and get practical advice on getting started with layered SBOMs, including how to deal with noise in the data. By the end of this talk, you will understand how to use layered SBOMs to know what your application is made of and to improve container runtime security.
Overview
Syllabus
Intro
SBOMs and Image layers
Layer Ownership
Tracking Content
Shared Content
Public Data
Why?
Reacting
Getting Started
Noise
Summary
Taught by
Docker