We Built the Kubernetes SBOM and Now You Can Write Your Own! - Adolfo García Veytia, uServers

less than 1 minute read

Abstract

At the end of 2020, SIG Release set a goal to produce a Software Bill of Materials for Kubernetes to provide the community and downstream consumers with a verifiable manifest to attest the completeness and consistency of the artifacts built and published with each release. Adolfo will tell how the Release Engineering team built the Kubernetes SBOM and how this effort resulted in a set of libraries and tools which can be leveraged by software developers and other projects to create their own SPDX-compliant Bill of Materials out of files and container images with automatic license detection. He will address the role an SBOM plays in the software supply chain puzzle, enumerating its benefits for developers and operators. He will do a review of the SPDX standard (Software Package Data Exchange) and the rich relationships between software components it can express. The session will feature a live demo of building an SPDX SBOM using said tools which are already available to download.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

We Built the Kubernetes SBOM and Now You Can Write Your Own! - Adolfo García Veytia, uServers

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google