Some checks failed
Gitea Actions Demo Training / Explore-Gitea-Actions (push) Failing after 12s
@@ -19,7 +19,4 @@ content:
- sbom/food-safety.md
- sbom/python-lcm.md
- sbom/python-app-deployment.md
# - sbom/purpose-of-sbom.md
#- sbom/sbom-examples.md
- sbom/future.md
- sbom/collection-sbom-links.md
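Review bot: the two nav entries `sbom/purpose-of-sbom.md` and `sbom/sbom-examples.md` are commented out rather than deleted, and with two different spellings (`# - ` and `#- `), so the config keeps dead entries that the next reader has to puzzle over; either remove the lines or add a short comment saying why they are disabled, and check that the two markdown files are not left as orphaned pages the site no longer links to. Since `sbom/future.md` and `sbom/collection-sbom-links.md` now follow directly, also verify that the rendered navigation order is still the intended one.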
@@ -14,6 +14,8 @@
---
## Short agenda
During this talk I want to share with you how to reveal the safety of your code without revealing the application logic.
And I hope to create a bit more awareness about the environment in which your application will be running.
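Review bot: the first agenda sentence promises more than an SBOM delivers; an SBOM reveals which components your code is built from, and any statement about "safety" only follows once that inventory is matched against vulnerability data, so suggest "how to reveal what your application is built from, and its known vulnerabilities, without revealing the application logic". With only two sentences under `## Short agenda`, a two-item list would also read better than two loose paragraphs.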
@@ -168,3 +168,11 @@ Any idea which image I prefer to deploy?
If you store these SBOM's files you can quickly evaluate if new CVE's are introduced without scanning every component or image again.
Or you can store them in a database like `Dependency Track` which will periodically evaluate the vulnerabilities and, if configured, send you notifications when your attention is required.
## Distributing SBOM files
The federal US government expects vendors to provide SBOM files prior to purchasing software or appliances. And they are not alone.
On `github.com` you'll see them appear as well, waiting for you to download them.
Even the new standard for container registries allows you to store SBOM information. The `docker buildx` command can do this as well.
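Review bot: the paragraph about the US federal government gives no source; add a reference to Executive Order 14028 and the NIST "minimum elements" for an SBOM so the claim can be checked. The last paragraph names neither the registry standard nor the command flag: suggest stating "the OCI 1.1 referrers API" and `docker buildx build --sbom=true`, so readers can reproduce it, and add the caveat that an SBOM stored next to an image is only as trustworthy as the account that pushed it, so it should be signed (an attestation) before anyone relies on it. Spelling: the OWASP project is `Dependency-Track`, and `SBOM's`/`CVE's` should be the plurals `SBOMs`/`CVEs`.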