Software Bills of Materials (SBOMs) are booming (or sBO(O)Ming) today, becoming a backbone of many Software Supply Chain security and compliance efforts. This session will cover the speakers' real-world experience of creating their own SBOM format and putting it into production long before SBOM became a thing. We will talk about SBOM basics, formats, and industry standards; present the three stages of SBOM management (collection by producers, distribution and storage, and analysis by consumers); walk you through the fast-growing set of tools in each category; and discuss strategies for building a solution tailored to your own requirements. We will demo how to collect, store and consume SBOMs using open-source projects. You'll leave this talk with a deeper understanding of SBOMs and how to use them properly to increase transparency, security, and compliance in your Software Supply Chain.
For 8+ years Miguel has been part of the team developing and operating the Software Supply Chain that powers the Bitnami/VMware catalog of Open Source Applications: automation that keeps hundreds of applications compliant, secure and up to date. Currently, he works at Chainloop, an Open Source solution that aims to make life easier for developers, SecOps and OSPO members alike.