Improve Vulnerability Management with OCI Artifacts – It Is That Easy! - Itay Shakury, Aqua Security & Toddy Mladenov , Microsoft

less than 1 minute read

Abstract

In the past couple of years supply chain security rose to mainstream attention and the industry has been devoted to address related concerns. Managing vulnerabilities and software dependencies is an integral part of this process. One of the most dominant advancements was the popularization of standard SBOMs (Software Bill of Materials) as well as signed attestations. While SBOM generation and validation is a non-issue today, efficiently utilizing it at scale is still a challenge. It relies on custom solutions or proprietary integrations. OCI artifacts specification is a new specification, which solves this challenge in an elegant and efficient manner. With it, you can sign images, store and sign SBOMs, scan results and other important supply chain related attestations alongside the relevant artifacts in the registry. In this talk, the audience will learn how to improve their vulnerability management practices by employing the new registry capabilities and using open-source tools like Trivy, Notary and ORAS. Same practices could be utilized for any OCI artifact including WASM, packages, and libraries.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Improve Vulnerability Management with OCI Artifacts – It Is That Easy! - Itay Shakury, Aqua Security & Toddy Mladenov , Microsoft

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google