So, SBOMs Matter…Now What? - Sophie Wigmore & Frankie Gallina-Jones, VMware
Abstract
Lately, the conversation in the software bill of materials space has largely been about why you need an SBOM to solve your security concerns, and what it can add to your secure software supply chain. At this point, community buy-in is strong, but critical questions remain undecided: How is this technology best employed in a Kubernetes setting? Which of the options in this space is right for each use case? In an emerging space within the cloud native community, there is a lot to learn, and it seems as though the best practices are changing all the time. In this session, attendees will be walked through the pros and cons of different SBOM approaches by people who have spent over a year exploring this topic, defining best practices, and building open source solutions with SBOMs. Additionally, attendees will get a demonstration of how application images generated by Paketo Buildpacks already contain an embedded SBOM, by leveraging Syft.