Name
How to Generate an SBOM with Free Open Source Tools
Date & Time
Thursday, October 30, 2025, 12:30 PM - 1:00 PM
Description

In the wake of supply chain crises such as Log4j, XZ Utils, and malicious npm packages, and with the recent push for software compliance requirements such as PCI, FDA, and the CRA, the Software Bill of Materials (SBOM) is no longer optional: it is a mandatory foundation for DevSecOps and essential for meeting global compliance mandates.

This session is a hands-on, practitioner-focused guide designed to demystify SBOM generation with popular open-source tooling. You will learn a streamlined, repeatable workflow: generating comprehensive, accurate SBOMs from containers and source code using Syft, exporting them in industry-standard formats like SPDX and CycloneDX, and instantly leveraging that data for actionable risk analysis using a vulnerability scanner like Grype.
Attendees will walk away with the exact command-line steps and integration strategy needed to automate SBOM creation directly into their existing CI/CD pipeline, ensuring continuous visibility and rapid incident response capability without incurring licensing costs.

Josh Bressers