Supply Chain Security: Building a Knowledge Graph for Artifact Relationships

Explore the complexities of software supply chain security in this 34-minute conference talk from KubeCon + CloudNativeCon Europe. Delve into the challenges of identifying vulnerabilities and understanding the impact of potential compromises in the software supply chain. Learn about a novel supply chain knowledge graph tool that combines information from SBOMs, in-toto/SLSA attestations, and other sources to provide a comprehensive view of artifact relationships and dependencies. Discover how this approach can help answer critical questions about the extent of potential security breaches and reveal often-overlooked dependencies in build systems. Gain insights into improving your organization's ability to assess and mitigate risks in the increasingly sophisticated landscape of supply chain attacks.

It's Dangerous To SLSA Alone Out There! Take This Artifact... - Mihai Maruseac & Michael Lieberman