An SBOM Primer: From Licenses to Security, Know What’s in Your Code... - Jeff Shapiro & Gary O'Neall

An SBOM Primer: From Licenses to Security, Know What’s in Your Code, or Someone Else’s! - Jeff Shapiro, The Linux Foundation & Gary O'Neall, Source Auditor Hey, I heard about this new thing called an SBOM, and a lot of my users are asking for one! What is it and how can it help? The Software Bill Of Materials (SBOM) isn’t new, but it is more important than ever, and is often being requested (or even required) for many open source projects. It’s a great way to inventory every component that goes into making your project what it is. It allows you to catalog every source code module, binary package, library, artifact, and dependency. It’s super helpful when it’s time for license compliance and tracking security vulnerabilities! It not only helps you, but it also helps your downstream users. Including an SBOM with your project can increase adoption and usage of your code by giving users critical information they need in a standard and easy to use format. Ok, so how do I go about creating my SBOM? We will discuss this, as well as what goes into an SBOM, how to use it, when it’s required, industry standards, and more! This presentation is sure to be a hit, don’t miss out! This session is suitable for anyone who is new to open source, curious about SBOMs, and includes those who already have some knowledge but want a deeper level of understanding.