Files
containers/slides/sbom/python-lcm.md
Marco Verleun c8dee75daf
Some checks failed
Gitea Actions Demo Training / Explore-Gitea-Actions (push) Failing after 10s
More info
2024-02-18 11:43:45 +01:00

76 lines
1.4 KiB
Markdown

# Why use SBOMs?
Do you want to be in control of your software?
Let's see some reasons why you want to use SBOM's.
---
class: pic
## Did you see this?
.center[![sbom](images/sbom/CVE-2023-38545.png)]
---
## Was your app affected?
If so:
- How did you know?
- How long took it to figure it out?
--
SBOM's are extremly useful in these situations...
Look at this:
![sbom](images/sbom/CVE-2023-38545-found.png)
---
class: pic
## Like food labels SBOMs tell you what's inside
.center[![sbom](images/sbom/can-1.jpg)]
---
## Example SBOM snippet
```json
{
"id": "e1597ba21775e886",
"name": "certifi",
"version": "2022.12.7",
"type": "python",
"foundBy": "python-package-cataloger",
"locations": [
{
"path": "/usr/local/lib/python3.11/site-packages/certifi-2022.12.7.dist-info/METADATA",
"layerID": "sha256:2ecbe4cb3d052a933e1cab8d573b14cfb4c50df323e4efde9cece026ce0fc73e",
"annotations": {
"evidence": "primary"
...
"licenses": [
{
"value": "MPL-2.0",
"spdxExpression": "MPL-2.0",
"type": "declared",
```
---
class: pic
## More and more you can download them upfront
.center[![sbom](images/sbom/github-sbom-example.png)]
---
class: pic
## And analyze them before you install something
.center[![sbom](images/sbom/sbom-scan-result.png)]