September 13-16, 2022
Dublin, Ireland + Virtual
Open Source Summit Europe 2022

Wednesday, September 14 • 11:15 - 11:55
Do You Know What's in the Software You Run? Introducing GitBOM - Nell Shamrell-Harrington, Microsoft

Modern software is built with hundreds if not thousands of dependencies and transitive dependencies. Knowing not only what these dependencies are but exactly what parts of the dependencies are used in your software is a daunting task. Should a security vulnerability be found in a particular file of a particular version of a dependency, how do you know whether your software uses that part? Enter GitBOM. GitBOM is an Open Source, minimalist scheme for build tools to 1) build a compact artifact tree, tracking every source code file (including from dependencies) incorporated into each built artifact, and 2) embed a unique, content-addressable reference for that artifact tree into the artifact at build time. GitBOM is designed to construct verifiable artifact trees across languages, environments, and packaging formats with zero developer effort. While GitBOM is not itself an SBOM, it is compatible with and augments SBOMs. Come to this talk not only to learn about GitBOM (and how you can become involved!) but also to see how this build scheme can be implemented across languages and ecosystems. You will leave understanding how GitBOM can improve the security of your whole software supply chain.

Nell Shamrell-Harrington

Principal Software Engineer, Microsoft and Member Director, Rust Foundation Board
Nell Shamrell-Harrington is a Principal Software Engineer at Microsoft in the Azure Office of the CTO. She is a longtime Open Source contributor and maintainer; she has contributed to Chef, the Rust Programming Language, ClearlyDefined, GitBOM, and many other projects. Additionally...

Wednesday September 14, 2022 11:15 - 11:55 IST
Wicklow Hall 2B (Level 2)