This session will outline the practical, effective measures you can use to enhance your software supply chain security. Google Cloud product manager, Mark Chmarny, will illustrate how to implement artifact provenance attestation in your release pipelines and increase the traceability of the components and dependencies used in your software. Using these measures, you will be able to more easily identify any outdated or insecure packages that could be exploited by attackers.

At Provenance, Transparency, and Context: Key Aspects of Software Supply Chain Security, our speaker will discuss how to:

• Implement artifact provenance attestation in your release pipelines using Supply-chain Levels for Software Artifacts (SLSA)
  
• Increase the traceability of the components and dependencies used in your software to enable you to more easily identify any outdated or insecure packages that could be exploited by attackers using a Software Bill of Materials (SBOM)
  
• Provide up-to-date vulnerability context for your artifacts using Vulnerability Exploitability eXchange (VEX)
  

This event is co-hosted with C2C, the Google Cloud Customer Community.