Using Python to manage Software Bill of Materials
2022-07-13 , Wicklow Hall 1

Software has become increasingly complex as it is constructed from a multitude of software components. In many cases the identification of these components are hidden as they are included through implicit dependencies. Without fully understanding the dependencies of your product it is not possible to understand the current vulnerability status of your software product or system.
In the past 12 months, there has been an increasing focus on the use Software Bill of Materials (SBOMs) as a key artefact to be delivered with a software product; it will be mandated for all software products in some markets later in 2022. SBOMs which were initially developed to capture the inter-dependencies between components (the focus was on capturing the different types of open source licences used within a product) but with the latest evolution, tracking of vulnerabilities within a product can now be performed.

This talk will introduce the SBOM concept and show how Python and its ecosystem can be used to create, manage and use SBOMs as part of your development pipeline.


Expected audience expertise: Domain:

none

Expected audience expertise: Python:

none

Abstract as a tweet:

How python is supporting the growing need for Software Bill of Materials

An experienced solution architect and cyber security consultant delivering and securing mission critical systems. In his spare time, teaches Python at Manchester CoderDojo and has acts as a mentor for Google Summer of Code (GSOC) projects supported by the Python Software Foundation.