SLSA, SigStore, SBOM & Software Supply Chain Security. What does it all mean? - Abdel Sghiouar

This talk was recorded at NDC's Copenhagen Developer's Festival. #cphdevfest #ndcconferences #devops #security #softwaredeveloper Attend the next NDC conference near you: https://ndcconferences.com https://cphdevfest.com/ Subscribe to our YouTube channel and learn every day: /‪@NDC‬ Have you heard of SLSA, or SBOM or the new fuzzy word in the street “Software Supply Chain Security'' before ? Maybe yes if you are avide reader of some tech publications out-there. But what does this all mean really ? Or rather should you care ? Well the answer is it depends. In this talk the speaker will attempt to clarify these words, what they mean and present a state of the security world with tools and methodologies people and organizations are implementing to ensure software is secured from dev to production.

Join Today
Event-Driven Architectures Done Right, Apache Kafka • Tim Berglund • Devoxx Poland 2021
▶︎

Event-Driven Architectures Done Right, Apache Kafka • Tim Berglund • Devoxx Poland 2021

Getting API security right - Philippe De Ryck - NDC London 2023
▶︎

Getting API security right - Philippe De Ryck - NDC London 2023

BREAKING NEWS: BYD reveals its 5 best-selling models for Europe in 2026!
▶︎

BREAKING NEWS: BYD reveals its 5 best-selling models for Europe in 2026!

Beyond the SBOM: Welcome CycloneDX's xBOM - From SBOM to SaaSBOM, ML-BOM, & CBOM
▶︎

Beyond the SBOM: Welcome CycloneDX's xBOM - From SBOM to SaaSBOM, ML-BOM, & CBOM

Attacking AI - Jason Haddix - NDC Security 2026
▶︎

Attacking AI - Jason Haddix - NDC Security 2026

A SBOM'd Substation
▶︎

A SBOM'd Substation

What Does CrowdStrike Actually Do?
▶︎

What Does CrowdStrike Actually Do?

Linked-Out: Security Principles to Break Software Supply Chain Attacks
▶︎

Linked-Out: Security Principles to Break Software Supply Chain Attacks

OWASP Dependency Track and CycloneDX SBOM Standard - Steve Springett
▶︎

OWASP Dependency Track and CycloneDX SBOM Standard - Steve Springett

Software engineering at the tipping point
▶︎

Software engineering at the tipping point

Common mistakes in EF Core - Jernej Kavka - NDC Porto 2023
▶︎

Common mistakes in EF Core - Jernej Kavka - NDC Porto 2023

Building Responsible Autonomous AI Agents: Principles, Patterns, and Practices - Will Velida
▶︎

Building Responsible Autonomous AI Agents: Principles, Patterns, and Practices - Will Velida

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance
▶︎

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance

All Things in-Toto: Supply Chain Attestations, Policies an... Santiago Torres-Arias & Marcela Melara
▶︎

All Things in-Toto: Supply Chain Attestations, Policies an... Santiago Torres-Arias & Marcela Melara

The Rise of Malware Within the Software Supply Chain
▶︎

The Rise of Malware Within the Software Supply Chain

OAuth 2.0 and OpenID Connect (in plain English)
▶︎

OAuth 2.0 and OpenID Connect (in plain English)

Apache Kafka in 1 hour for C# Developers - Guilherme Ferreira - Copenhagen DevFest 2023
▶︎

Apache Kafka in 1 hour for C# Developers - Guilherme Ferreira - Copenhagen DevFest 2023

Eating SLSA on your chips: A guide to supply chain security
▶︎

Eating SLSA on your chips: A guide to supply chain security

PGP vs sigstore: the match at Maven Central by Hervé Boutemy
▶︎

PGP vs sigstore: the match at Maven Central by Hervé Boutemy

Correcting Common Async/Await Mistakes in .NET 8 - Brandon Minnick - Copenhagen DevFest 2023
▶︎

Correcting Common Async/Await Mistakes in .NET 8 - Brandon Minnick - Copenhagen DevFest 2023