Cloud Native Supply Chain Security: Beyond SBOMs - Perspectives and Practices

Explore perspectives on cloud native supply chain security beyond Software Bills of Materials (SBOMs) in this 35-minute conference talk from the Cloud Native Computing Foundation (CNCF). Gain insights from a panel of open source maintainers as they demystify the complex landscape of software supply chain security in the cloud native ecosystem. Learn about straightforward approaches and simple security hygiene practices that can significantly improve your security posture. Discover how existing tools and projects within the CNCF, such as TUF, in-toto, and witness, as well as initiatives from sibling organizations like OpenSSF's SLSA and GUAC, can address current supply chain security challenges. Understand the relationships between various security concepts, including SBOMs, SLSA, VEX, and CVEs, and how they fit into the broader picture of cloud native security. Get a glimpse into the future of supply chain security and leave with practical knowledge to navigate the rapidly evolving cloud native landscape more confidently.

It's Not Just About SBOMs: Perspectives on Cloud Native Supply Chain Security