Files
containers/slides/sbom/python-lcm.md
Marco Verleun c8dee75daf
Some checks failed
Gitea Actions Demo Training / Explore-Gitea-Actions (push) Failing after 10s
More info
2024-02-18 11:43:45 +01:00

1.4 KiB

Why use SBOMs?

Do you want to be in control of your software?

Let's see some reasons why you want to use SBOM's.

class: pic

Did you see this?

.center[sbom]


Was your app affected?

If so:

  • How did you know?
  • How long took it to figure it out?

--

SBOM's are extremly useful in these situations...

Look at this:

sbom


class: pic

Like food labels SBOMs tell you what's inside

.center[sbom]


Example SBOM snippet

{
      "id": "e1597ba21775e886",
      "name": "certifi",
      "version": "2022.12.7",
      "type": "python",
      "foundBy": "python-package-cataloger",
      "locations": [
        {
          "path": "/usr/local/lib/python3.11/site-packages/certifi-2022.12.7.dist-info/METADATA",
          "layerID": "sha256:2ecbe4cb3d052a933e1cab8d573b14cfb4c50df323e4efde9cece026ce0fc73e",
          "annotations": {
            "evidence": "primary"
    ...
      "licenses": [
        {
          "value": "MPL-2.0",
          "spdxExpression": "MPL-2.0",
          "type": "declared",

class: pic

More and more you can download them upfront

.center[sbom]


class: pic

And analyze them before you install something

.center[sbom]