We Built the Kubernetes SBOM and Now You Can Write Your Own
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Discover how to create your own Software Bill of Materials (SBOM) in this informative conference talk from KubeCon + CloudNativeCon Europe 2022. Explore the journey of the Kubernetes Release Engineering team in developing an SBOM for Kubernetes, and learn about the tools and libraries they created to help developers generate SPDX-compliant Bills of Materials for their own projects. Gain insights into the importance of SBOMs in the software supply chain, the benefits for developers and operators, and the intricacies of the SPDX standard. Watch a live demonstration of building an SPDX SBOM using the tools discussed, and understand how to implement automatic license detection for files and container images. Delve into topics such as Kubernetes container images, release processes, declarative SBOM definitions, and future plans for enhancing software transparency and security.
Syllabus
Intro
Kubernetes Container Images
Kubernetes Release Overview
Our Mission
SBOM Definition
Kubernetes Release
Building the SBOM
Linear Response
Linux Foundation
SPDX
Building a better Kubernetes system
Creating a bill of materials
Declarative SBOM definition
Demo
Test Project
Output Director
Overview
Licensing
Git Ignore
Visualization
Structure
Provenance
attestation
future plans
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Hardening Your Soft Software Supply ChainPluralsight DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
Pluralsight Securing Your Software Supply Chain with Sigstore
Linux Foundation via edX GitHub Supply Chain Security Using GitGat
Linux Foundation via edX Kyverno - Deep Dive - Tech Talks
Mirantis via YouTube