Leveraging SBOMs to Automate Packaging, Transfer, and Reporting of Dependencies Between Secure Environments
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore an innovative approach to utilizing Software Bill of Materials (SBOMs) in a conference talk from KubeCon + CloudNativeCon Europe. Learn how Lockheed Martin leverages the CycloneDX Specification as a packaging standard to validate and transfer assets across network boundaries, particularly in secure environments with strict controls. Discover how this method enables development teams to update build dependencies without network connectivity and create "seeding" deployments for Cloud Native infrastructure. Witness a demonstration of Hoppr, an open-source tool with an extendable plugin architecture, designed for security validation and multi-team transfers using CycloneDX SBOMs. Gain insights into collecting items based on purls, running validation, and creating transfers for secure environments in this 26-minute presentation by Ian Dunbar-Hall and Jerod Heck.
Syllabus
Leveraging SBOMS to Automate Packaging, Transfer, and Reporting of D... Ian Dunbar-Hall & Jerod Heck
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Target Rich Cyber PoorBSidesLV via YouTube The A's, B's, and Four C's of Testing Cloud-Native Applications
LASCON via YouTube SBOM Challenges and How to Fix Them
BSidesLV via YouTube The Case for Software Bill of Materials
BSidesLV via YouTube Collaborating to Improve Open Source Security - How the Ecosystem Is Stepping Up
RSA Conference via YouTube