In the past couple of years, the cloud native community has become greatly invested in security, and in particular, the idea of Software Supply Chain security. Through a collective impetus, amplified by government orders, the notion of a secure supply chain is gaining traction.

Thanks to the foresight of astute contributors, the Cloud Native Buildpacks team has been able to future-proof themselves by working on two major areas. First, the availability of lean images. The second is the inclusion of SBOMs as part of their base specification.

This talk will focus on SBOMs. Specifically, attendees will learn about the ways in which SBOMs are generated, how they can be put to use, different SBOM formats, and SBOMs in different language families. All while using Cloud Native Buildpacks.

SBOMs serve to enhance supply chain security postures greatly. This talk will demonstrate how to ingest SBOMs to identify vulnerabilities and gain transparency into containers. Attendees will also learn to apply the same principles across many workflows which use Buildpacks (such as kpack, knative, etc.)