Hello Everyone - My presentation on Software Supply Chain Security is here: https://platformcon.com/talk/a-different-kind-of-s3-first-line-security-of-the-supply-chain Hopefully you find it interesting and useful. I'm available to discuss and answer questions in this channel. Looking forward to getting your feedback and comments. Thanks!
Just started it!
@John With SBOMs being reactive, aren't they proactive, since I would get the SBOM before I deploy my code anyway? I thought I would get it before even adding it locally?
@Shawn McCarthy Your point is valid. I was trying to convey that they are reactive in the sense that an SBOM is a static historical build record for a given software artifact that doesn't "naturally" reflect dependency changes that have occurred since that build occurred. For immutable images that is OK, important and valuable. However, it's important to monitor the dependencies indicated by these SBOMs to anticipate impending changes for future builds. This is the proactive part I'm trying to convey. Maybe I could find a better way to make that point more clearly. Thanks for your comment.