SBoMs and Supply Chain with the Yocto Project
11-30, 17:55–18:25 (UTC), Langdale

Maintaining a comprehensive description of the software supply chain has become increasingly important in software development today. As the industry has started to settle on standardized mechanisms for reporting the software supply chain via a Software Bill of Materials (SBoM), the Yocto Project is uniquely positioned to describe complex supply chains, owing to the rich, comprehensive metadata it uses to build the software.

In this talk, Joshua will describe why you need an SBoM, how to generate one with the Yocto Project, what to do with it after it is created, and what the future of SBoMs in the Yocto Project looks like.

See also: slides (1.7 MB)

Joshua is an Embedded Software Engineer with 14 years of experience who works for Garmin International. He has been working with the Yocto Project for the past 7 years and is a member of the OpenEmbedded Technical Steering Committee.