Leveraging SBOMs to Automate Packaging, Transfer, and Reporting of Dependencies Between Secure Environments
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore an innovative approach to utilizing Software Bill of Materials (SBOMs) in a conference talk from KubeCon + CloudNativeCon Europe. Learn how Lockheed Martin leverages the CycloneDX Specification as a packaging standard to validate and transfer assets across network boundaries, particularly in secure environments with strict controls. Discover how this method enables development teams to update build dependencies without network connectivity and create "seeding" deployments for Cloud Native infrastructure. Witness a demonstration of Hoppr, an open-source tool with an extendable plugin architecture, designed for security validation and multi-team transfers using CycloneDX SBOMs. Gain insights into collecting items based on purls, running validation, and creating transfers for secure environments in this 26-minute presentation by Ian Dunbar-Hall and Jerod Heck.
Syllabus
Leveraging SBOMS to Automate Packaging, Transfer, and Reporting of D... Ian Dunbar-Hall & Jerod Heck
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
From SBOM to Trusted Software Supply Chain - How Far Are We?Association for Computing Machinery (ACM) via YouTube Transparency in the Software Supply Chain - Making SBOM a Reality
Black Hat via YouTube SBOM is Here - Making Progress - Not Excuses
BSidesLV via YouTube How Software Transparency Can Help Save the World
Security BSides San Francisco via YouTube DBOM and SBOM - New Options for Better Supply Chain Cybersecurity
RSA Conference via YouTube