Delivering Secure and Compliant Software Components with OCM and GitOps

Explore the Open Component Model (OCM) and its integration with GitOps in this 27-minute talk by Dan Small from SAP SE. Learn how OCM, an open standard with an open-source toolkit, describes software components in a technology-agnostic, machine-readable format and automates continuous deployment via GitOps. Discover the concept of Software Bill of Delivery (SBoD) for tracking all artifacts of complex products, and understand how OCM serves as a single source of truth for required operations. Gain insights into the security and compliance benefits of OCM and GitOps Localization, including air-gapped environments, offline CI/CD, end-to-end supply chain shielding, and cloud application migration. Witness a demonstration on deploying signed, attestable, and verifiable artifacts in environments with limited or no connectivity, particularly for high-security and regulated clouds. The talk covers topics such as automation, deployment descriptors, localization rules, component archives, and component version YAML files.

Intro
Challenge
Automation
Demo Overview
Deployment descriptor
Localization rules
Component archive
Component version yaml
Summary