We Built the Kubernetes SBOM and Now You Can Write Your Own

Discover how to create your own Software Bill of Materials (SBOM) in this informative conference talk from KubeCon + CloudNativeCon Europe 2022. Explore the journey of the Kubernetes Release Engineering team in developing an SBOM for Kubernetes, and learn about the tools and libraries they created to help developers generate SPDX-compliant Bills of Materials for their own projects. Gain insights into the importance of SBOMs in the software supply chain, the benefits for developers and operators, and the intricacies of the SPDX standard. Watch a live demonstration of building an SPDX SBOM using the tools discussed, and understand how to implement automatic license detection for files and container images. Delve into topics such as Kubernetes container images, release processes, declarative SBOM definitions, and future plans for enhancing software transparency and security.

Intro
Kubernetes Container Images
Kubernetes Release Overview
Our Mission
SBOM Definition
Kubernetes Release
Building the SBOM
Linear Response
Linux Foundation
SPDX
Building a better Kubernetes system
Creating a bill of materials
Declarative SBOM definition
Demo
Test Project
Output Director
Overview
Licensing
Git Ignore
Visualization
Structure
Provenance
attestation
future plans