Software Supply Chain with the Yocto Project
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore the Yocto Project's approach to software supply chain management in this 32-minute conference talk by Joshua Watt from Garmin. Delve into the importance of software supply chains and learn how Yocto Project addresses key concerns. Discover the process of building images from source code, understand the concept of Software Bill of Materials (SBOM), and examine recipe metadata and SBOM relationships. Gain insights into enabling SPDX generation and future improvements in the pipeline. Investigate the significance of reproducible builds, binary output association with recipe hashes, and tracing target images. Learn about reproducibility testing, extending quality assurance tests, and CVE tracking within the Yocto Project. Explore CVE metrics and how buildtools replace host tools to extend the supply chain.
Syllabus
Intro
Yocto Project and OpenEmbedded
Why is the Software Supply Chain Important?
Addressing The Supply Chain
Build Images from Source Code
Simplified Build Flow
What is an SBOM?
Recipe Metadata
SBOM Relationships
Enabling SPDX Generation
Future Improvements
Why do we need reproducible builds?
Binary output should associate with recipe hashes
Tracing target images back to recipe outputs
Reproducibility Testing
Extending Quality Assurance Test
CVE Tracking from Yocto Project
CVE Metrics
Buildtools replaces Host tools
Using Buildtools to extend the Supply Chain
Taught by
Linux Foundation
Tags
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube