Software Bills of Materials (SBOMs) are booming (or sBO(O)Ming) today, becoming a backbone of many Software Supply Chain security and compliance efforts. This session will cover the speakers' real-world experiences creating their own SBOM format and putting it into production long before SBOM became a thing. We will talk about SBOM basics, formats, and industry standards; showcase the three stages of SBOM management (collection/producers, distribution/storage, and analysis/consumers); walk you through various rapidly growing tools from each category; and discuss strategies for building your own built-to-your-spec solution. We will demo how to collect, store, and consume SBOMs using open-source projects. You'll leave this talk with a deeper understanding of SBOMs and how to use them properly to increase transparency, security, and compliance in your Software Supply Chain.
Product Leader with over a decade of expertise in building apps around Open Source and Software Supply Chain Security at Bitnami (Engineering) and VMware (PM).