Online / 6 & 7 February 2021

Tern and the State of Cloud Native Compliance


Container and VM images contain many packages and are quite a challenge for composition analysis.

The current industry standard for container compliance is to scan container images after they have been created in order to create a Software Bill of Materials (SBoM). Tern is an open source inspection tool that creates an SBoM for this very purpose. As the complexity of Cloud Native applications and the containers they are shipped with increases, however, the need for a better compliance strategy presents itself. This talk will discuss the current state of Cloud Native compliance practices and the efforts by the Open Source Technology Center at VMware to tackle these issues. This includes the work on the SPDX 3.0 linkage profile, building containers with intrinsic SBoMs, and feature implementations in Tern to support intrinsic compliance for container images.

Speakers

Rose Judge
