SBOM at Scale: Securing Eclipse Foundation Projects With Automated Supply-Chain Vi... Mikaël Barbero
Author: OpenSSF
Uploaded: 2025-09-04
Views: 57
Description:
SBOM at Scale: Securing Eclipse Foundation Projects With Automated Supply-Chain Visibility - Mikaël Barbero, Eclipse Foundation
Join us for an in-depth look at how we're elevating SBOMs to a first-class deliverable across all Eclipse Foundation project releases. We’ll walk through our end-to-end strategy (supporting a wide range of libraries, runtimes, and tools) while providing plug-and-play GitHub Actions, CLI quickstarts, and sample pipelines that simplify SBOM generation, validation, and publication. Drawing from real-world implementations, we’ll explore how historical SBOM data is preparing us for upcoming regulations and enabling rapid response to "next Log4Shell" scenarios. Finally, we’ll share insights from scaling an OWASP Dependency-Track registry: its capabilities, performance bottlenecks, metadata challenges, and the pragmatic workarounds that help keep our ecosystem secure and compliance-ready.