Files
containers/slides/sbom/python-application.md
Marco Verleun 536f6fabd6
Some checks failed
Gitea Actions Demo Training / Explore-Gitea-Actions (push) Failing after 14s
Formatted
2024-02-03 09:12:25 +01:00

73 lines
1.2 KiB
Markdown

# From code to production
It starts with the code...
--
Which gets deployed inside/on:
- An appliance
- A host
- A container
Or is reused as an module.
---
## And do you remember:
- ShellShock
- Log4J / Log4Shell
- Heartbleed
These also affected routers, printers and other devices at home.
---
class: pic
## Like food labels SBOMs tell you what's inside
.center[![sbom](images/sbom/can-1.jpg)]
---
## Example SBOM snippet
```json
{
"id": "e1597ba21775e886",
"name": "certifi",
"version": "2022.12.7",
"type": "python",
"foundBy": "python-package-cataloger",
"locations": [
{
"path": "/usr/local/lib/python3.11/site-packages/certifi-2022.12.7.dist-info/METADATA",
"layerID": "sha256:2ecbe4cb3d052a933e1cab8d573b14cfb4c50df323e4efde9cece026ce0fc73e",
"annotations": {
"evidence": "primary"
...
"licenses": [
{
"value": "MPL-2.0",
"spdxExpression": "MPL-2.0",
"type": "declared",
```
---
class: pic
## More and more you can download them upfront
.center[![sbom](images/sbom/github-sbom-example.png)]
---
class: pic
## And analyze them before you install something
.center[![sbom](images/sbom/sbom-scan-result.png)]