Site Reliability, DevOps and Cloud

Nov 8, 2024 San Francisco, CA, USA


Automating Supply Chain Security: Building a Robust SBOM Solution with

Nishkarsh Raj

In today’s rapidly evolving threat landscape, security is not just an option; it’s a necessity. With high-profile incidents like Log4j, SolarWinds, and major data leaks making headlines, organizations have turned their focus to DevSecOps and the adoption of robust security practices to protect their software supply chains. Responding to U.S. Executive Order 14028, which requires vendors to provide an SBOM (Software Bill of Materials) for software sold to the federal government, a worldwide corporation recognized the need for an automated SBOM solution that aligns with zero-trust principles and is both accessible and actionable.

Our team of experts pivoted from Developer Experience to Security, creating a custom SBOM plugin tailored to an enterprise environment. The solution integrates with Jenkins, GitHub Enterprise, and BlackDuck, generating comprehensive SBOMs in both SPDX and CycloneDX formats. The automated reports are published to access-controlled repositories and presented via the Backstage interface, making them easily accessible to stakeholders with the right permissions.
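A pipeline that emits both SPDX and CycloneDX has to reconcile the two formats before anyone can act on them: the component list a portal displays, or a vulnerability lookup keyed on Package URLs, needs one inventory regardless of which scanner produced the file. The following script is an added example, not the plugin from the talk or any BlackDuck or Backstage code; it is written in Python rather than the plugin's own stack because the normalisation is independent of the portal. It assumes JSON SBOMs (CycloneDX 1.5 and SPDX 2.3 layouts), builds a purl-keyed inventory from each, reports components present in only one document, and flags entries that carry no version, which is the most common defect a downstream vulnerability match silently tolerates. Both sample documents are constructed inline.

```python
"""Normalise CycloneDX and SPDX JSON SBOMs into one component inventory.

Added example, not the plugin described in the talk. Both sample
documents below are constructed for the example; real input would be
the scanner output pulled from the artifact repository.
"""
import json
from dataclasses import dataclass

# Constructed sample: CycloneDX 1.5 JSON. The last component deliberately
# carries neither a version nor a purl, to exercise the completeness check.
CYCLONEDX_SAMPLE = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        {"type": "library", "name": "jackson-databind", "version": "2.13.0",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.0"},
        {"type": "library", "name": "internal-utils"},
    ],
})

# Constructed sample: SPDX 2.3 JSON for the same build from a second
# scanner, which found one additional package.
SPDX_SAMPLE = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-service",
    "packages": [
        {"SPDXID": "SPDXRef-Package-log4j", "name": "log4j-core", "versionInfo": "2.14.1",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"}]},
        {"SPDXID": "SPDXRef-Package-jackson", "name": "jackson-databind", "versionInfo": "2.13.0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.0"}]},
        {"SPDXID": "SPDXRef-Package-commons-text", "name": "commons-text", "versionInfo": "1.9",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:maven/org.apache.commons/commons-text@1.9"}]},
    ],
})


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    purl: str      # empty string when the SBOM carries no purl
    source: str    # "cyclonedx" or "spdx"

    @property
    def key(self) -> str:
        # The purl is the stable identity across formats; fall back to
        # name@version (or bare name) only when the document has none.
        if self.purl:
            return self.purl
        return f"{self.name}@{self.version}" if self.version else self.name


def detect_format(doc: dict) -> str:
    """Distinguish the two JSON layouts by their mandatory top-level fields."""
    if doc.get("bomFormat") == "CycloneDX":
        return "cyclonedx"
    if "spdxVersion" in doc:
        return "spdx"
    raise ValueError("not a CycloneDX or SPDX JSON document")


def _spdx_purl(pkg: dict) -> str:
    # SPDX stores the purl as an external reference rather than a field.
    for ref in pkg.get("externalRefs", []):
        if ref.get("referenceType") == "purl":
            return ref.get("referenceLocator", "")
    return ""


def parse_sbom(text: str) -> dict:
    """Return {key: Component} for either format."""
    doc = json.loads(text)
    fmt = detect_format(doc)
    inventory = {}
    if fmt == "cyclonedx":
        for c in doc.get("components", []):
            comp = Component(c.get("name", ""), c.get("version", ""), c.get("purl", ""), fmt)
            inventory[comp.key] = comp
    else:
        for p in doc.get("packages", []):
            comp = Component(p.get("name", ""), p.get("versionInfo", ""), _spdx_purl(p), fmt)
            inventory[comp.key] = comp
    return inventory


def diff_sboms(a: dict, b: dict):
    """Keys present in only one inventory: (only_in_a, only_in_b)."""
    return sorted(set(a) - set(b)), sorted(set(b) - set(a))


def unversioned(inventory: dict) -> list:
    """Components a vulnerability matcher cannot pin to a release."""
    return sorted(c.key for c in inventory.values() if not c.version)


if __name__ == "__main__":
    cdx, spdx = parse_sbom(CYCLONEDX_SAMPLE), parse_sbom(SPDX_SAMPLE)
    only_cdx, only_spdx = diff_sboms(cdx, spdx)
    print("only in CycloneDX:", only_cdx)
    print("only in SPDX:", only_spdx)
    print("unversioned:", unversioned(cdx) + unversioned(spdx))
```

Keying on the purl rather than the package name is what makes the two documents comparable: names collide across ecosystems, whereas a purl encodes the ecosystem, namespace and version. A disagreement between the two scanners is worth surfacing in the portal next to the SBOM itself, since it usually means one tool could not see part of the build.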

This talk will delve into our journey of developing and deploying the SBOM plugin, emphasizing how it enhances supply chain security while streamlining compliance with cybersecurity standards. Attendees will gain insights into how can serve as a robust platform for security initiatives and will leave with practical steps for implementing a similar solution in their organizations.

Nishkarsh is a DevSecOps expert and an international GitHub Star. Nishkarsh is an ardent supporter of open-source, GitHub, DevEx, and DevOps. Nishkarsh serves as StatusNeo Inc.'s Principal Evangelist & Consultant. Over the years, he has been an active GitHub user and open-source contributor. By giving talks at conferences, organizing meetups, and encouraging people to take on the #100DaysofCode challenge, he has encouraged many brilliant minds to embark on their journeys in open-source projects and has preached the significance of collaboration to aspiring developers.
