SupplyChainSecurityCon 2022

SBOMs, or Software Bill of Material reports, are finally being recognized for their importance in hardening cyber security. They play a crucial role in building transparency into the binary objects we deliver to our end users. Most of us think of an SBOM at the application level. In a microservice implementation, we generate the SBOM at the service level. This presentation will review how Ortelius, incubating at the Continuous Delivery Foundation, provides SBOMs aggregated at the ‘logical’ application level, with versioning. In addition to SBOMs, Ortelius also aggregates application level licensing and CVE reports providing the insights needed to build trust into the supply chain across the organization. Ortelius's architecture will be reviewed, showing how its versioning and dependency engine tracks updates to a container registry, which triggers the creation of new service and application versions, with continuous SBOM updates.

Dates

Author

Conferences

Tags

Managing Application Level SBOMs with Ortelius

tldr - powered by Generative AI