Some checks failed
Gitea Actions Demo Training / Explore-Gitea-Actions (push) Failing after 10s
76 lines
1.4 KiB
Markdown
76 lines
1.4 KiB
Markdown
|
|
# Why use SBOMs?
|
|
|
|
Do you want to be in control of your software?
|
|
|
|
Let's see some reasons why you want to use SBOM's.
|
|
---
|
|
class: pic
|
|
|
|
## Did you see this?
|
|
|
|
.center[]
|
|
|
|
---
|
|
|
|
## Was your app affected?
|
|
|
|
If so:
|
|
|
|
- How did you know?
|
|
- How long took it to figure it out?
|
|
|
|
--
|
|
|
|
SBOM's are extremly useful in these situations...
|
|
|
|
Look at this:
|
|
|
|

|
|
|
|
---
|
|
class: pic
|
|
|
|
## Like food labels SBOMs tell you what's inside
|
|
|
|
.center[]
|
|
|
|
---
|
|
|
|
## Example SBOM snippet
|
|
|
|
```json
|
|
{
|
|
"id": "e1597ba21775e886",
|
|
"name": "certifi",
|
|
"version": "2022.12.7",
|
|
"type": "python",
|
|
"foundBy": "python-package-cataloger",
|
|
"locations": [
|
|
{
|
|
"path": "/usr/local/lib/python3.11/site-packages/certifi-2022.12.7.dist-info/METADATA",
|
|
"layerID": "sha256:2ecbe4cb3d052a933e1cab8d573b14cfb4c50df323e4efde9cece026ce0fc73e",
|
|
"annotations": {
|
|
"evidence": "primary"
|
|
...
|
|
"licenses": [
|
|
{
|
|
"value": "MPL-2.0",
|
|
"spdxExpression": "MPL-2.0",
|
|
"type": "declared",
|
|
```
|
|
|
|
---
|
|
class: pic
|
|
|
|
## More and more you can download them upfront
|
|
|
|
.center[]
|
|
|
|
---
|
|
class: pic
|
|
|
|
## And analyze them before you install something
|
|
|
|
.center[]
|