Supply chain security involves identifying risks within the technology and processes of software development. This practice has gained increased importance following recent high-profile attacks such as SolarWinds and Log4j. The United States Executive Order on Improving the Nation's Cybersecurity underscores the necessity for software producers to provide Software Bills of Materials (SBOMs). Integrating SBOM generation into your DevOps workflow is a critical strategy for securing your software supply chain.
In this presentation, the speaker will delve into supply chain security, emphasising the value of zero-trust security principles and SBOMs. They will cover SBOM generation processes and highlight how tools like sigstore can enhance supply chain security.