Explore the critical aspects of Software Composition Analysis (SCA) and Software Bill of Materials (SBOM) management in this informative conference talk. Delve into the challenges of identifying and mapping components from supplier SBOMs to internal catalogs and policies. Learn about the importance of consistent software component identification for managing vulnerability risks. Discover how to leverage Package-URLs (PURLs) to standardize SBOM ingestion and automate policy application. Gain insights on utilizing VulnerableCode, a public database of open vulnerability data, to track FOSS vulnerabilities and VEXs using open-source tools and data.
Utilizing Package-URLs for SBOM Management and Vulnerability Tracking
Overview
Syllabus
What the &#% Is in That SBOM? How to Provide Users What Software Components Are... - Helio Castro,
Taught by
Linux Foundation
Tags
Related Courses
-
SBOM X-Ray Superpowers: Making Better SBOMs and Using SBOMs
-
Dependency-Track: Intelligent Software Composition Analysis Platform
-
A Radiography of a SBOM Vulnerability Scanner
-
From SBOM to Trusted Software Supply Chain - How Far Are We?
-
Enabling VEX and Full SBOM Coverage with Wolfi Based Containers
-
Supercharge Your Software Supply Chain Security Strategy with Multi-SBOM Integration
