Topic Leader(s)

Topic Description

30 minutes. Muddasar Ahmed, Anil Belur

We will review a real ONAP SBOM, discuss SBOM generation in the LFN CI pipeline, and cover progress on onboarding projects as well as lessons learned.

Topic Overview

An SBOM is a formal, machine-readable inventory of software components and dependencies, information about those components, and their hierarchical relationships. These inventories should be comprehensive, or should explicitly state where they could not be. Creating and using SBOMs brings several benefits, including reduced cost, security risk, license risk, and compliance risk. SBOMs help improve software development, supply chain management, vulnerability management, asset management, procurement, and high-assurance processes.
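To make the "machine-readable inventory with hierarchical relationships" concrete, here is an added example (not from this session, and not ONAP or LFN tooling) that walks a small SPDX 2.x style JSON document: it rebuilds the dependency hierarchy from DESCRIBES and DEPENDS_ON relationships, and reports where the producer explicitly could not determine a value (the SPDX `NOASSERTION` marker) or left a package outside the hierarchy. The SBOM content, package names and versions are constructed for illustration.

```python
"""Walk a small SPDX 2.x style SBOM (JSON): print its component hierarchy and
report the places where the inventory admits it is incomplete.

Added example, not from the session page or from ONAP/LFN tooling.
The document below is constructed; package names and versions are made up.
"""
import json
from collections import defaultdict

# Constructed SPDX-style document. Real SBOMs carry many more fields
# (checksums, download locations, external references such as purl/CPE).
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-app-sbom",
    "packages": [
        {"SPDXID": "SPDXRef-app", "name": "example-app", "versionInfo": "1.0.0",
         "supplier": "Organization: Example Org", "licenseConcluded": "Apache-2.0"},
        {"SPDXID": "SPDXRef-libA", "name": "lib-a", "versionInfo": "2.4.1",
         "supplier": "Organization: Example Org", "licenseConcluded": "MIT"},
        # The producer could not determine supplier or license for lib-b.
        {"SPDXID": "SPDXRef-libB", "name": "lib-b", "versionInfo": "0.9.0",
         "supplier": "NOASSERTION", "licenseConcluded": "NOASSERTION"},
        {"SPDXID": "SPDXRef-libC", "name": "lib-c", "versionInfo": "3.1.0",
         "supplier": "Organization: Example Org", "licenseConcluded": "BSD-3-Clause"},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-app"},
        {"spdxElementId": "SPDXRef-app", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-libA"},
        {"spdxElementId": "SPDXRef-app", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-libB"},
        {"spdxElementId": "SPDXRef-libA", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-libC"},
    ],
})

# Fields a consumer typically needs for vulnerability and license triage.
REQUIRED_FIELDS = ("name", "versionInfo", "supplier", "licenseConcluded")


def parse_sbom(text):
    """Parse the JSON and index packages and DEPENDS_ON edges by SPDX ID."""
    doc = json.loads(text)
    packages = {p["SPDXID"]: p for p in doc.get("packages", [])}
    depends_on = defaultdict(list)
    roots = []
    for rel in doc.get("relationships", []):
        if rel["relationshipType"] == "DEPENDS_ON":
            depends_on[rel["spdxElementId"]].append(rel["relatedSpdxElement"])
        elif rel["relationshipType"] == "DESCRIBES" and rel["spdxElementId"] == doc["SPDXID"]:
            roots.append(rel["relatedSpdxElement"])
    return {"packages": packages, "depends_on": depends_on, "roots": roots}


def label(sbom, spdx_id):
    """Human-readable name@version for an SPDX ID, flagging dangling references."""
    pkg = sbom["packages"].get(spdx_id)
    if pkg is None:
        return f"{spdx_id} (not in package list)"
    return f"{pkg['name']}@{pkg.get('versionInfo', 'NOASSERTION')}"


def dependency_tree(sbom):
    """Return the hierarchy as indented lines, starting from the DESCRIBES roots.
    The path set stops descent on cyclic DEPENDS_ON edges."""
    lines = []

    def walk(spdx_id, depth, path):
        if spdx_id in path:
            lines.append("  " * depth + label(sbom, spdx_id) + " (cycle)")
            return
        lines.append("  " * depth + label(sbom, spdx_id))
        for child in sbom["depends_on"].get(spdx_id, []):
            walk(child, depth + 1, path | {spdx_id})

    for root in sbom["roots"]:
        walk(root, 0, frozenset())
    return lines


def transitive_dependencies(sbom, spdx_id):
    """All SPDX IDs reachable from spdx_id over DEPENDS_ON edges, excluding itself."""
    seen, stack = set(), list(sbom["depends_on"].get(spdx_id, []))
    while stack:
        cur = stack.pop()
        if cur in seen:
            continue
        seen.add(cur)
        stack.extend(sbom["depends_on"].get(cur, []))
    seen.discard(spdx_id)
    return seen


def find_gaps(sbom):
    """Report (package, issue) pairs: a required field the producer marked
    NOASSERTION or omitted, or a package no relationship places in the tree."""
    gaps = []
    referenced = set(sbom["roots"])
    for targets in sbom["depends_on"].values():
        referenced.update(targets)
    for spdx_id, pkg in sbom["packages"].items():
        for field in REQUIRED_FIELDS:
            if pkg.get(field, "NOASSERTION") == "NOASSERTION":
                gaps.append((pkg.get("name", spdx_id), field))
        if spdx_id not in referenced:
            gaps.append((pkg.get("name", spdx_id), "not placed in hierarchy"))
    return gaps


if __name__ == "__main__":
    sbom = parse_sbom(SAMPLE_SBOM)
    print("\n".join(dependency_tree(sbom)))
    for name, issue in find_gaps(sbom):
        print(f"gap: {name}: {issue}")
```

Running it prints the four-package tree and two gaps for `lib-b` (supplier and license). The gap report is the useful part for a consumer: an SBOM that says `NOASSERTION` is being honest about its limits, and those are exactly the components that need manual follow-up before the inventory can drive vulnerability or license triage.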

Slides & Recording

Software Bill Of Material (SBOM).mp4

Agenda

  • Software Bill of Materials, when is the right time?
  • Point 2

Minutes

Muddasar Ahmed shares an overview of recent cyber attacks and the need to improve software supply chain transparency.

  • SPDX has been adopted as an ISO standard.
  • Anil Belur noted that there is a Go script that reads your Maven settings to automatically deploy your SBOM.