Eliminating the Unknowns: Using GUAC to Better Understand Your Software Supply Chain
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore how GUAC, an open-source software supply chain knowledge graph, can aggregate metadata from various document formats and public databases to illuminate your software supply chain. Learn to utilize GUAC as a data source for policy engines in admission control decisions and as a tool for security practitioners to audit organizational software supply chains. Discover the importance of analyzing supply chain metadata beyond compliance, focusing on risk reduction through better understanding of upstream dependencies in software and systems. Gain insights into managing diverse supply chain metadata formats, including CycloneDX and SPDX SBOMs, in-toto based SLSA attestations signed by Sigstore, and OSV information, to make informed decisions on the safety and security of your software development lifecycle.
Syllabus
Eliminating the Unknowns: Using GUAC to Better Understand Your Software Supply... Michael Lieberman
Taught by
Linux Foundation
Related Courses
A Mouthful of Mayhem: Taste Test and Gut Response to SLSA, GUAC, and Supply Chain Security
CNCF [Cloud Native Computing Foundation] via YouTube
GUAC 101 - Introduction to Graph for Understanding Artifact Composition
CNCF [Cloud Native Computing Foundation] via YouTube
Cloud Native Security Landscape - Myths, Dragons, and Real Talk
CNCF [Cloud Native Computing Foundation] via YouTube
Enforcing Supply Chain Security and Simplifying Compliance Audit for ArgoCD Deployments
CNCF [Cloud Native Computing Foundation] via YouTube
Fresh SLSA and GUAC - Understanding Open Source Package Risks and Transparency
Linux Foundation via YouTube