Overview
Explore runtime software component detection techniques in this insightful conference talk. Learn about the challenges of identifying vulnerable software components in operating environments, particularly those embedded in complex dependency chains. Discover how to leverage eBPF technology to detect specific software versions, such as Log4j and Spring Core, without any prior application configuration. Gain knowledge on extracting crucial information from the Linux kernel during Java application execution and processing the collected data to determine Java Archive (JAR) details. Examine the implementation of a runtime Java component detector and its application in verifying vulnerable component usage within public container images. Understand the importance of the SBOM (Software Bill of Materials) in light of recent security incidents and explore innovative approaches to enhance software security in runtime environments.
Syllabus
Zero-Configuration Runtime Software Component Detection - Inhyeok Jang
Taught by
Linux Foundation