Play all

Intro

Outline

Protecting the Software Supply Chain

Regulatory Agencies have taken notice

Build Images from Source Code

Simplified Build Flow

"Nutrition Information" for Software

Recipe Metadata

SPDX Generation

Yocto Project role in the Software Supply Chain

Yocto SPDX Features

What can we generate SPDX documents for?

SPDX Relationships

Future Improvements

Why do we need reproducible builds?

Binary output should associate with recipe hashes

Enabling Reproducible Builds

Reproducibility Testing

Extending Quality Assurance Test

Buildtools replaces Host tools

SPDX 3.0 and the Future

Description:

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only! Grab it Explore the critical role of Software Bill of Materials (SBoMs) in protecting the software supply chain through this 35-minute conference talk. Learn why SBoMs are essential, how to generate them using the Yocto Project, and their practical applications. Discover the unique position of the Yocto Project in describing complex supply chains, understand the regulatory importance of SBoMs, and delve into SPDX generation and relationships. Gain insights into future improvements, the significance of reproducible builds, and the upcoming SPDX 3.0 standard. Equip yourself with knowledge on maintaining comprehensive software supply chain descriptions and leveraging the Yocto Project's rich metadata for enhanced software development practices.

Software Bill of Materials (SBoM) and Supply Chain with the Yocto Project - Generating and Using SBoMs

Yocto Project

Add to list

#Programming #Software Development #Software Bill of Materials #Business #Management & Leadership #Quality Management #Quality Assurance #Engineering #Electrical Engineering #Embedded Systems #Yocto Project #Regulatory Compliance #Computer Science #Information Technology #Data Management #Metadata #Open Source #Software Licensing #SPDX