Let's talk about the practical, effective measures you can use to enhance your software supply chain security at tomorrow's event here at C2C - The Google Cloud Customer Community, entitled "Software Supply Chain Security: Provenance, Transparency, and Context" with Mark Chmarny, Product Manager at Google. Mark will illustrate how to implement artifact provenance attestation in your release pipelines and increase the traceability of the components and dependencies used in your software. Using these measures, you will be able to more easily identify any outdated or insecure packages that could be exploited by attackers.
We will discuss how to:
👉 Implement artifact provenance attestation in your release pipelines using Supply-chain Levels for Software Artifacts (SLSA)
👉 Use a Software Bill of Materials (SBOM) to increase the traceability of the components and dependencies used in your software, so you can more easily identify any outdated or insecure packages that could be exploited by attackers
👉 Provide up-to-date vulnerability context for your artifacts using Vulnerability Exploitability eXchange (VEX)
Want to join us?