Open Source Summit North America 2022
June 21-24, 2022
Austin, Texas, USA + Virtual

Tuesday, June 21 • 4:05pm - 4:45pm
GitBOM: Repurposing Git’s Graph for Supply Chain Security & Transparency - Aeva Black, Microsoft & Ed Warnicke, Cisco Systems


What if we could know the complete and reproducible artifact tree for every binary executable, shared object, container, etc. – including all its dependencies – and you could efficiently cross-reference that against a database of known vulnerabilities *before* you deploy? If you had had that information, could you have remediated Log4Shell faster? Might it even help open source maintainers identify at-risk dependencies sooner? If you're thinking, "this sounds too good to be true - what's it going to cost?", then we really hope you’ll join us because we believe this should be an automatic part of open source build tools. In this talk, Aeva and Ed will share why they're so excited about GitBOM and explain what it is (hint: it's not git and it's not an SBOM). If the demo gods are willing, they will show you how you can generate a GitBOM with a simple command-line tool, and explain why you won't have to. Finally, if you want to add support for GitBOM to your favorite tool or language, this talk will give you enough information to get started.


Ed Warnicke

Cisco Systems, Distinguished Engineer
Ed Warnicke is a Distinguished Engineer at Cisco Systems. He has been working for nearly two decades in many areas of networking and Open Source. Ed is currently a co-founder of and active contributor to the GitBOM and Network Service Mesh projects. Ed has a master's in Physics (String...

Aeva Black

Open Source Hacker, Azure Office of the CTO
Aeva Black is an incurably queer geek and open source hacker, passionate about privacy, ethics, and ancient languages. They work in Azure's Office of the CTO and hold seats on the Board of the Open Source Initiative and on the OpenSSF's Technical Advisory Council. Aeva previously served...

Tuesday June 21, 2022 4:05pm - 4:45pm CDT
Room 211/212