February 1-2, 2023 | Seattle, WA
View More Details | Registration Information

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for CloudNativeSecurityCon North America 2023 to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Standard Time (PST), UTC -8. To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

The schedule is subject to change.
Back To Schedule
Thursday, February 2 • 2:45pm - 3:20pm
Modifying the Immutable: Attaching Artifacts to OCI Images - Brandon Mitchell, BoxBoat, an IBM Company

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Images are now being pushed to OCI registries with more and more metadata, including attestations, signatures, and SBOMs. What is involved with adding your own artifacts? This talk walks through how OCI recently standardized the process, and describes how additional data can be added to an image without modifying its immutable digest. You'll learn how tooling can ship SBOMs along side images, both for the vendor generating the SBOM and the user searching for it. And this talk will cover many of the gotchas you may encounter when implementing this yourself.

avatar for Brandon Mitchell

Brandon Mitchell

Solutions Architect, BoxBoat, an IBM Company
Brandon Mitchell is a Senior Solutions Architect for BoxBoat an IBM company, Docker Captain, OCI Maintainer, and maintainer of various OSS projects. He focuses on defining specs in OCI, improving software supply chain security, and implementing reproducible builds for container images... Read More →

Thursday February 2, 2023 2:45pm - 3:20pm PST
Room 606/607
  Supply Chains