Improve Vulnerability Management with OCI Artifacts - It Is That Easy

Discover how to enhance vulnerability management practices using OCI artifacts in this 36-minute conference talk from CNCF. Learn about the recent advancements in supply chain security, including the popularization of standard Software Bill of Materials (SBOMs) and signed attestations. Explore the challenges of efficiently utilizing SBOMs at scale and how the OCI artifacts specification elegantly solves these issues. Gain insights into signing images, storing and signing SBOMs, scan results, and other important supply chain-related attestations alongside relevant artifacts in the registry. Understand how to leverage open-source tools like Trivy, Notary, and ORAS to improve vulnerability management practices. Discover how these techniques can be applied to various OCI artifacts, including WASM, packages, and libraries.

Improve Vulnerability Management with OCI Artifacts -It Is That Easy! - Itay Shakury & T Mladenov