Loading…
February 1-2, 2023 | Seattle, WA
View More Details | Registration Information

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for CloudNativeSecurityCon North America 2023 to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Standard Time (PST), UTC -8. To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

The schedule is subject to change.
Back To Schedule
Thursday, February 2 • 4:40pm - 5:15pm
Leveraging SBOMS to Automate Packaging, Transfer, and Reporting of Dependencies Between Secure Environments - Ian Dunbar-Hall & Jerod Heck, Lockheed Martin

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.
Software Bill of Materials are being touted for tracking software build dependencies and security of a built application. Often delivered with built applications for transparency. In this talk we’ll explore a different use for Software Bill of Materials, where it is used as a packaging standard to validate and transfer assets across network boundaries. At Lockheed Martin, we’re using CycloneDX Specification to automate transfers into secure environments with strict controls to allow development teams to update build dependencies without network connectivity. We also use the CycloneDX Specification to create “seeding” deployments for Cloud Native infrastructure deployments. We’ll be demoing Hoppr, an open source tool with an extendable plugin architecture to do security validation and multi team transfers. It used CycloneDX SBOMs to collect items based on purls, run validation, and create transfers to be brought into these environments.
Speakers
JH

Jerod Heck

Software Factory Product Architect, Lockheed Martin
Jerod is a Product Architect at Lockheed Martin Software Factory focused on Automation and Software Supply Chain. His efforts revolve around encouraging adoption of new technologies and integrating them into the organization. He’s a part of the CycloneDX working group and has worked... Read More →
avatar for Ian Dunbar-Hall

Ian Dunbar-Hall

Software Factory Chief Engineer, Lockheed Martin
Ian is Chief Engineer for Lockheed Martin Software Factory and specializes in DevSecOps and Cloud Native Computing. He is responsible for technical direction for repeatable development processes and tooling that is leveraged by across the company to expedite software delivery. He... Read More →

Leverageing SBOMS to Automate Packaging, Transfer, and Reporting of Dependencies Between Secure Environments pdf
Thursday February 2, 2023 4:40pm - 5:15pm PST
Room 612
  Supply Chains