Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor

Explore the integration of Software Bill of Materials (SBOM) and enhanced vulnerability scanning in Harbor using OCI 1.1 in this informative conference talk. Discover how the rise of software supply chain attacks has increased interest in supply chain security through SBOM utilization. Learn about the SBOM integration between the Harbor project and Aqua Trivy scanner, including the current support for manually attaching SBOM artifacts to subject images. Understand how leveraging OCI distribution-spec 1.1 enables auto-generation and auto-association of SBOMs, enhancing software building process visibility. Gain insights into the streamlined vulnerability scanning process, which eliminates repetitive container image analysis. Explore the new Harbor scanner pluggable spec, offering compatibility and flexibility for large-scale container security management. Watch a demonstration of SBOM generation and scanning for vulnerabilities, providing practical knowledge for implementing these security measures in your own projects.

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor