SESSION details

Name: Demystify Secure Supply Chain Metadata

Date/time: Wednesday, October 4, 2023, 1:00 PM - 1:45 PM Pacific Time


Have you heard the terms SBOM, SLSA, provenance, attestations, signatures, or VEX but don’t quite know what they are useful for or how the pieces tie together? Has your security team started to ask questions about the White House Executive Order to enhance the security of the software supply chain? Have you heard about Secure Software Supply Chain but don’t quite understand how to apply some of its principles? This talk will focus on the various types of metadata and the principles that underpin a secure software supply chain, and will demonstrate how you can use Docker tools to create best-in-class container images with signed SBOMs and provenance attestations that adhere to the highest supply chain standards. Alongside BuildKit, Docker Scout, and GitHub Actions, we’ll likely have some new technology to show. You don’t want to miss this!