From Kitchen to Table: A Safe Software Journey with SBOMs
Dmitry Chuyko - BellSoft
Think of your containerized Java application as a complex dish served to production. Your software supply chain is the kitchen. Would you trust a kitchen with hidden ingredients? SBOMs are the ingredient manifests that health inspectors (scanners) and regulators (compliance) demand. This practical talk addresses the real-world problems Java and DevOps teams face: enforcing policies at CI/CD stations (GitLab/GitHub Actions), verifying manifests for pre-packaged meals (hardened containers), and passing Kubernetes health inspections (OPA/Ratify). We’ll cut through the complexity of competing formats (SPDX/CycloneDX), registry storage quirks, and toolchain integration, showing how SBOMs become actionable security artifacts rather than just paperwork. Learn to build a supply chain where every component is traceable, every vulnerability is blockable, and every deployment is compliant.
