Discover how to create your own Software Bill of Materials (SBOM) in this informative conference talk from KubeCon + CloudNativeCon Europe 2022. Explore the journey of the Kubernetes Release Engineering team in developing an SBOM for Kubernetes, and learn about the tools and libraries they created to help developers generate SPDX-compliant Bills of Materials for their own projects. Gain insights into the importance of SBOMs in the software supply chain, the benefits for developers and operators, and the intricacies of the SPDX standard. Watch a live demonstration of building an SPDX SBOM using the tools discussed, and understand how to implement automatic license detection for files and container images. Delve into topics such as Kubernetes container images, release processes, declarative SBOM definitions, and future plans for enhancing software transparency and security.
We Built the Kubernetes SBOM and Now You Can Write Your Own
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Intro
Kubernetes Container Images
Kubernetes Release Overview
Our Mission
SBOM Definition
Kubernetes Release
Building the SBOM
Linear Response
Linux Foundation
SPDX
Building a better Kubernetes system
Creating a bill of materials
Declarative SBOM definition
Demo
Test Project
Output Director
Overview
Licensing
Git Ignore
Visualization
Structure
Provenance
attestation
future plans
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Leverage Kubernetes SPDX Tools to Create Your SBOM
-
SBOM Implementation Reality - The SPDX Lite Profile for First Step
-
SBOM Implementation Reality: From Crawl to Walk - SPDX Lite Profile for the First Step
-
Docker SBOM - Generating Software Bill of Materials from Container Images
-
SBOM is Coming - Why You Should Care and How You Can Help
-
Lessons Learned from Generating 100M SBOMs - Google's Approach to SBOM Compliance
