SBOM: What it really tells you, and why your organization should have one
- Finding and fixing known vulnerabilities in dependencies and container images
- Building a source of truth for packages to avoid malicious packages getting through
- Combining continuous packaging and security into a CI/CD pipeline
- Establishing Trust & Provenance in your Software Supply Chain
- Visibility in your Software Supply Chain with upstreams and signatures
This segment is sponsored by Cloudsmith. Visit https://securityweekly.com/cloudsmith to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw169