Modernizing the Management of Your Software Supply Chain – Tom Gibson – ASW #169
SBOM: What does it really tell you and the importance of having one for your organization.
- Finding and fixing known vulnerabilities in dependencies and container images
- Building a source of truth for packages to avoid malicious packages getting through
- Combining continuous packaging and security into a CI/CD pipeline
- Establishing Trust & Provenance in your Software Supply Chain
- Visibility in your Software Supply Chain with upstreams and signatures
This segment is sponsored by Cloudsmith.
Visit https://securityweekly.com/cloudsmith to learn more about them!
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
With over ten years in the worlds of DevOps and Fintech, Tom is currently a Senior Staff Engineer at Cloudsmith, where he helps lead and develop the product and platform. As an automation and security enthusiast, Tom is incredibly passionate about helping people and organizations implement and adopt technologies and processes that help secure their software supply chain. When he’s not busy with computers, you can find him watching the latest reality dating TV show, building legos, or doing his 500th home improvement project.