
Automated SBoM generation with OpenEmbedded and the Yocto Project

Formal Metadata

Title
Automated SBoM generation with OpenEmbedded and the Yocto Project
Subtitle
A case study of automated SBoM generation in meta build systems
Title of Series
Number of Parts
542
Author
Contributors
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
SBoMs are becoming a critical component in ensuring the integrity of our software supply chains. Many current tools for SBoM generation focus on two ways of generating SBoMs: generating them from the initial source code, or post-mortem analysis of completed systems and artifacts. While these are both valid and useful methods of analysis, less focus has been put on the tooling that pulls upstream source code together and generates the completed system artifacts, such as a distro build system or, more generically, any "meta-build" system. Using OpenEmbedded as a case study, Joshua will cover the unique strengths that generating SBoMs in meta-build systems can provide, as well as the challenges when trying to do so.