ADDO On Demand

Supply Chain Security Trifecta - SBOM, SLSA, Scorecard

What's in the build, was it built right, and are you doing the right things? Those are the questions that software users need answered, and the trifecta of Software Bill of Materials (SBOM), Supply-chain Levels for Software Artifacts (SLSA) and Open Source Security Foundation (OpenSSF) Scorecards can provide a comprehensive set of answers to them. This talk will look at how SBOM, SLSA and Scorecard can be incorporated into a continuous delivery (CD) pipeline so that every release can tell its own clear story about security. Having watched this session, attendees should be able to start implementing the trifecta in their own CD pipelines.
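As an added illustration (not part of the talk or its materials) of how the three artifacts can gate a release in a CD pipeline, the script below maps each of the three questions to a check over a constructed CycloneDX SBOM, a constructed SLSA v1 provenance statement, and a constructed Scorecard JSON result; the artifact name, digest, builder identity and score thresholds are all assumptions for the example.

```python
"""Release gate for the trifecta: the SBOM answers "what's in the build",
SLSA provenance answers "was it built right", and the Scorecard result
answers "are you doing the right things". The three documents below are
constructed samples, not real project data."""
import json

SBOM = json.loads('{"bomFormat":"CycloneDX","specVersion":"1.5","components":['
    '{"name":"requests","version":"2.31.0","purl":"pkg:pypi/requests@2.31.0"},'
    '{"name":"leftpad","purl":"pkg:npm/leftpad"}]}')  # leftpad has no version
PROVENANCE = json.loads('{"predicateType":"https://slsa.dev/provenance/v1",'
    '"subject":[{"name":"app-1.0.tgz","digest":{"sha256":"ab12"}}],'
    '"predicate":{"buildDefinition":{"buildType":"https://example.invalid/ci"},'
    '"runDetails":{"builder":{"id":"https://example.invalid/builder"}}}}')
SCORECARD = json.loads('{"score":6.8,"checks":[{"name":"Branch-Protection","score":3},'
    '{"name":"Pinned-Dependencies","score":10}]}')

def check_sbom(sbom):
    """What's in the build? Every component needs a version and a package URL."""
    bad = [c.get("name", "?") for c in sbom.get("components", [])
           if not c.get("version") or not c.get("purl")]
    return sbom.get("bomFormat") == "CycloneDX" and not bad, bad

def check_provenance(prov, artifact, sha256, trusted_builders):
    """Was it built right? Provenance must be SLSA-typed, cover this exact
    artifact digest, and name a builder identity the organisation trusts."""
    slsa = prov.get("predicateType", "").startswith("https://slsa.dev/provenance/")
    subjects = {(s["name"], s.get("digest", {}).get("sha256")) for s in prov.get("subject", [])}
    builder = prov.get("predicate", {}).get("runDetails", {}).get("builder", {}).get("id")
    return slsa and (artifact, sha256) in subjects and builder in trusted_builders, builder

def check_scorecard(sc, min_total, min_per_check):
    """Doing the right things? Gate on the aggregate score and on named checks."""
    low = {c["name"]: c["score"] for c in sc.get("checks", [])
           if c["name"] in min_per_check and c["score"] < min_per_check[c["name"]]}
    return sc.get("score", 0) >= min_total and not low, low

def release_gate(sbom, prov, sc, artifact, sha256, trusted_builders,
                 min_total=5.0, min_per_check=None):
    """Combine the three answers; the release passes only if all three pass."""
    s_ok, s_detail = check_sbom(sbom)
    p_ok, p_detail = check_provenance(prov, artifact, sha256, trusted_builders)
    c_ok, c_detail = check_scorecard(sc, min_total, min_per_check or {})
    return {"sbom": s_ok, "slsa": p_ok, "scorecard": c_ok,
            "release": s_ok and p_ok and c_ok,
            "details": {"sbom": s_detail, "slsa": p_detail, "scorecard": c_detail}}

if __name__ == "__main__":
    print(json.dumps(release_gate(SBOM, PROVENANCE, SCORECARD, "app-1.0.tgz", "ab12",
                                  {"https://example.invalid/builder"},
                                  min_per_check={"Branch-Protection": 5}), indent=2))
```

With the constructed inputs the SBOM check fails on the unversioned component and the Scorecard check fails on Branch-Protection, so the gate reports exactly which of the three questions the release could not answer.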

Featured Speaker


Chris Swan
