Automated SBoM generation with OpenEmbedded and the Yocto Project

Formal Metadata

Title
Automated SBoM generation with OpenEmbedded and the Yocto Project
Subtitle
A case study of automated SBoM generation in meta build systems
Title of Series
Number of Parts
542
Author
Contributors
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
SBoMs are becoming a critical component in ensuring the integrity of our Software Supply Chains. Many current tools for SBoM generation focus on two ways of generating SBoMs: generating them from the initial source code, or post-mortem analysis of completed systems and artifacts. While these are both valid and useful methods of analysis, less focus has been put on the tooling that pulls upstream source code together and generates the completed system artifacts, such as a distro build system or, more generically, any "meta-build" system. Using OpenEmbedded as a case study, Joshua will cover the unique strengths that generating SBoMs in meta-build systems can provide, as well as the challenges when trying to do so.