A talk at DevOps Finland on the SLSA framework, SBOM (Software Bill of Materials) and the current state of software supply chain security in general.
Abstract
A practical take on the SLSA framework, SBOM (Software Bill of Materials) and the current state of software supply chain security in general. Instead of a deep dive, this talk focused on why you should care about supply chain security and what concrete steps can be taken to improve your security posture.
What’s covered?
- Current state of software supply chain security
- SBOM (Software Bill of Materials)
- SLSA framework (Supply-chain Levels for Software Artifacts)
- Example of Provenance and Signing with GitHub Actions
Links
Software Supply Chain Best Practices by CNCF
9th Annual State of the Software Supply Chain by Sonatype
Sigstore - signing, verification and provenance checks
Google Cloud Build Build Provenance
If you need help optimising your software development and continuous delivery processes, don’t hesitate to get in contact with us!