Introducing GitBOM: Tracking Software Dependencies and Improving Supply Chain Security
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore the concept of GitBOM in this informative conference talk by Nell Shamrell-Harrington from Microsoft. Learn about the challenges of tracking dependencies in modern software development and discover how GitBOM addresses these issues. Understand the open-source, minimalist scheme that allows build tools to create compact artifact trees and embed unique references into artifacts at build time. Gain insights into how GitBOM works across different languages, environments, and packaging formats without requiring developer effort. Discover the compatibility of GitBOM with SBOMs and its potential to enhance software supply chain security. Delve into the implementation of GitBOM across various ecosystems and learn how to get involved in this innovative project.
Syllabus
Nell Shamrell- Harrington
Evidence
What is GitBOM not?
What is GitBOM?
Build Tool
Artifact Dependency Graph
How does Git create an object id?
Git Object ID
SHA-1?
What does GitBOM do?
GitBOM Document(s)
Embedded Gitoid Ideas
Taught by
Linux Foundation
Tags
Related Courses
GitHub Supply Chain Security Using GitGatLinux Foundation via edX Introduction to Security Principles in Cloud Computing
Google via Google Cloud Skills Boost DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
Pluralsight Hardening Your Soft Software Supply Chain
Pluralsight Secure Software Supply Chain: Using Cloud Build & Cloud Deploy to Deploy Containerized Applications
Google via Google Cloud Skills Boost