...
| Excerpt |
|---|
30m Muddasar Ahmedand Pawel Pawlak SBOM is ana software inventory and related descriptive information, a list of ingredients that make up software components. We will share with other LFN projects ONAP SBOM story |
Topic Overview
An SBOM is a formal, machine-readable inventory of software components and dependencies, information about those components, and their hierarchical relationships. These inventories should be comprehensive – or should explicitly state where they could not be. There are several benefits of creating and using SBOM include reducing cost, security risk, license risk, and compliance risk. SBOMs helps in improving software development, supply chain management, vulnerability management, asset management, procurement, and high assurance processes.
ONAP SBOM is a list of all components, meta data and relationships that allow to deploy ONAP. We will describe available formats, and why we selected SPDX. We will review real ONAP SBOM and discuss SBOM generation in LFN CI pipeline.
Slides & Recording
Live Interactive Session
...