Loading…
In-person + Virtual
October 11-15
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2021 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Pacific Daylight Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Back To Schedule
Friday, October 15 • 11:00am - 11:35am
We Built the Kubernetes SBOM and Now You Can Write Your Own! - Adolfo García Veytia, uServers

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
At the end of 2020, SIG Release set a goal to produce a Software Bill of Materials for Kubernetes to provide the community and downstream consumers with a verifiable manifest to attest the completeness and consistency of the artifacts built and published with each release. Adolfo will tell how the Release Engineering team built the Kubernetes SBOM and how this effort resulted in a set of libraries and tools which can be leveraged by software developers and other projects to create their own SPDX-compliant Bill of Materials out of files and container images with automatic license detection. He will address the role an SBOM plays in the software supply chain puzzle, enumerating its benefits for developers and operators. He will do a review of the SPDX standard (Software Package Data Exchange) and the rich relationships between software components it can express. The session will feature a live demo of building an SPDX SBOM using said tools which are already available to download.

Speakers
avatar for Adolfo García Veytia

Adolfo García Veytia

Staff Software Engineer, Chainguard
Adolfo García Veytia (puerco) is a software engineer with Chainguard based in Mexico City. He is a Technical Lead with Kubernetes SIG Release. He is one of the TLs of the Release Engineering team, specializing in improvements to the software that drives the automation behind the... Read More →


Friday October 15, 2021 11:00am - 11:35am PDT
Room 408 AB + Online