# Why use SBOMs? Do you want to be in control of your software? Let's see some reasons why you want to use SBOM's. --- class: pic ## Did you see this? .center[![sbom](images/sbom/CVE-2023-38545.png)] --- ## Was your app affected? If so: - How did you know? - How long took it to figure it out? -- SBOM's are extremly useful in these situations... Look at this: ![sbom](images/sbom/CVE-2023-38545-found.png) --- class: pic ## Like food labels SBOMs tell you what's inside .center[![sbom](images/sbom/can-1.jpg)] --- ## Example SBOM snippet ```json { "id": "e1597ba21775e886", "name": "certifi", "version": "2022.12.7", "type": "python", "foundBy": "python-package-cataloger", "locations": [ { "path": "/usr/local/lib/python3.11/site-packages/certifi-2022.12.7.dist-info/METADATA", "layerID": "sha256:2ecbe4cb3d052a933e1cab8d573b14cfb4c50df323e4efde9cece026ce0fc73e", "annotations": { "evidence": "primary" ... "licenses": [ { "value": "MPL-2.0", "spdxExpression": "MPL-2.0", "type": "declared", ``` --- class: pic ## More and more you can download them upfront .center[![sbom](images/sbom/github-sbom-example.png)] --- class: pic ## And analyze them before you install something .center[![sbom](images/sbom/sbom-scan-result.png)]