Weaveworks, profile picture
Uploaded byWeaveworks
PDF, PPTX501 views

Security: The Value of SBOMs

The document discusses the significance of Software Bill of Materials (SBOMs) in enhancing software security and transparency, presented by experts from Anchore and Weaveworks. It highlights GitOps as a methodology for application development and operations that adds business value. Upcoming events related to GitOps and the Cloud Native Computing Foundation's (CNCF) projects are also mentioned, along with the achievements of the Flux project within the CNCF.

Embed presentation

Download as PDF, PPTX
1 March 24, 2022 Security: The Value of SBOMs Dan Luhring, OSS Engineering Mgr, Anchore Brady Todhunter, Lead DevOps Eng, Anchore Priyanka “Pinky” Ravi, DX Engineer, Weaveworks Stacey Potter, Community Manager, Weaveworks
2 Weaveworks is founded on open source ● Flux & Flagger (CNCF): GitOps and Progressive Delivery for k8s ● Cortex (CNCF): Distributed, Long-term-storage TSDB compatible with Prometheus ● Weave Ignite: VMs with container UX & built-in GitOps management ● EKSctl: Create an Amazon EKS cluster with one command ● (and many many more projects!) And now … Weave GitOps! weave.works
3 Speakers Help/Support Dan Luhring OSS Engineering Mgr Anchore Brady Todhunter Lead DevOps Eng. Anchore Priyanka Ravi DX Engineer Weaveworks Stacey Potter Community Manager Weaveworks Browser Safari copy/paste shortcuts may not work Using Zoom Questions? • Use chat (button: top left corner of screen) • Escape to exit full screen • “To Everyone” or “To all panelists and attendees” Support: https://support.zoom.us/hc/ en-us/articles/206175806-T op-Questions Troubleshooting Use chat If the issue is not easily resolved, we ask that you follow along as we demo the sample app. Security: The Value of SBOMs Duration 30-60 Minutes
4 ● GitOps is an app dev and operations methodology ● GitOps is a methodology, not a specific tool or technology. ● GitOps applies to everything and brings business value. What is GitOps?...and why do I want it?
5 Source: opengitops.dev
6 👋 Get Connected 💬 🤝 ● ⭐ Star us on GitHub ⭐ ● Check out the Flux docs at: fluxcd.io/docs/get-started/ ● GitHub Discussions Q&A: https://github.com/fluxcd/flux2/discussions/categories/q-a ● CNCF Slack #Flux channel (or get a slack invite)
7 Mar 29: OpenSource101: WTF is GitOps & Why Should you Care? Mar 30: From Zero to GitOps Heroes! Mar 31: GitOps for Helm Users! May 16-20: Flux Booth at KubeCon! June 8-9: GitOps Days 2022! (gitopsdays.com) Upcoming Events
8 Talk & Demo Time!
Dan Luhring Manager of Open Source Engineering, Anchore luhring danluhring dan.luhring@anchore.com
What’s an SBOM?
Software bill of materials (“SBOM”) ● A “list of ingredients” for a software artifact ● Exposes what software is made up of ● Several different uses… ■ Vulnerability scanning ■ Software transparency ■ Policy
What is Anchore, Syft, Grype?
Anchore Forging the Future of Software Security. Anchore is creating a more secure software supply chain for priceless peace of mind.
Anchore’s Open Source Tools Developer-friendly scanning tools for container image security
The story of SBOMs at Flux Cloud Native Computing Foundation (CNCF) The Cloud Native Computing Foundation (CNCF) is an open source software foundation that promotes the adoption of cloud-native computing. Maturity Levels: Sandbox ➡ Incubating ➡ Graduation CNCF projects have a maturity level of sandbox, incubating, or graduated, which corresponds to the Innovators, Early Adopters, and Early Majority tiers of the Crossing the Chasm diagram. The maturity level is a signal by CNCF as to what sorts of enterprises should be adopting different projects. July 2019: Flux joins CNCF as a Sandbox Project 🏜 ⌛ 🏝 July 2020: Flux was one of only two projects in the ‘adopt’ category of CNCF CD Tech Radar 📡 ⚙ 💻 March 2021: Flux goes from Sandbox to Incubation 🥚 ⏲ November 2021: Flux Security Audit concludes in preparation for Graduation application 📄 📝 March 2022: Flux applies for Graduation 🤞🤞 🎉 🎓 🎉 🎓 🎉 🎓 🤞🤞
Here’s how Flux did it! Initialize artifact .goreleaser.yml
Here’s how Flux did it! Install Syft
Here’s how Flux did it! Generate release artifacts Create release and SBOM
Syft, Grype, & Syft+Grype
Flux @ Anchore!
Flux at Anchore How we use Flux: ● We manage 2 clusters using Flux ● Environments are set up differently ● Image Automation What I love about Flux: ● Developer empowerment ● Flexibility in deployments ● Source of truth for deployments ● Uses native kubernetes mechanisms

More Related Content

PDF
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
byEdureka!
 
PDF
Software Bill of Materials - Accelerating Your Secure Embedded Development.pdf
byICS
 
PDF
SBOM, Is It 42?
byBill Bensing
 
PDF
DevSecOps What Why and How
byNotSoSecure Global Services
 
PDF
The State of DevSecOps
byDevOps Indonesia
 
PDF
[DevSecOps Live] DevSecOps: Challenges and Opportunities
byMohammed A. Imran
 
PPTX
DevSecOps reference architectures 2018
bySonatype
 
PPTX
Docker and kubernetes
byDongwon Kim
 
What is DevOps | DevOps Introduction | DevOps Training | DevOps Tutorial | Ed...
byEdureka!
 
Software Bill of Materials - Accelerating Your Secure Embedded Development.pdf
byICS
 
SBOM, Is It 42?
byBill Bensing
 
DevSecOps What Why and How
byNotSoSecure Global Services
 
The State of DevSecOps
byDevOps Indonesia
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
byMohammed A. Imran
 
DevSecOps reference architectures 2018
bySonatype
 
Docker and kubernetes
byDongwon Kim
 

What's hot

PDF
Cloud Native Landscape (CNCF and OCI)
byChris Aniszczyk
 
PDF
Best Practices with Azure Kubernetes Services
byQAware GmbH
 
PDF
DevSecOps 101
byNarudom Roongsiriwong, CISSP
 
PDF
DevSecOps: What Why and How : Blackhat 2019
byNotSoSecure Global Services
 
PDF
DevSecOps The Evolution of DevOps
byMichael Man
 
PDF
2019 DevSecOps Reference Architectures
bySonatype
 
PPTX
How to Get Started with DevSecOps
byCYBRIC
 
PDF
Pave the Golden Path On Your Internal Platform
byMauricio (Salaboy) Salatino
 
PPT
Docker introduction
byPhuc Nguyen
 
PPTX
ABN AMRO DevSecOps Journey
byDerek E. Weeks
 
PPTX
Azure kubernetes service (aks)
byAkash Agrawal
 
PDF
Docker Introduction
byPeng Xiao
 
PDF
Security Process in DevSecOps
byOpsta
 
PDF
Platform Engineering - a 360 degree view
byGiulio Roggero
 
PPTX
Azure DevOps CI/CD For Beginners
byRahul Nath
 
PPTX
Lets talk about: Azure Kubernetes Service (AKS)
byPedro Sousa
 
PDF
OWASP DefectDojo - Open Source Security Sanity
byMatt Tesauro
 
PPTX
The Power of Azure DevOps
byJeff Bramwell
 
PPTX
Benefits of DevSecOps
byFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
PPTX
DevOps to DevSecOps Journey..
bySiddharth Joshi
 
Cloud Native Landscape (CNCF and OCI)
byChris Aniszczyk
 
Best Practices with Azure Kubernetes Services
byQAware GmbH
 
DevSecOps 101
byNarudom Roongsiriwong, CISSP
 
DevSecOps: What Why and How : Blackhat 2019
byNotSoSecure Global Services
 
DevSecOps The Evolution of DevOps
byMichael Man
 
2019 DevSecOps Reference Architectures
bySonatype
 
How to Get Started with DevSecOps
byCYBRIC
 
Pave the Golden Path On Your Internal Platform
byMauricio (Salaboy) Salatino
 
Docker introduction
byPhuc Nguyen
 
ABN AMRO DevSecOps Journey
byDerek E. Weeks
 
Azure kubernetes service (aks)
byAkash Agrawal
 
Docker Introduction
byPeng Xiao
 
Security Process in DevSecOps
byOpsta
 
Platform Engineering - a 360 degree view
byGiulio Roggero
 
Azure DevOps CI/CD For Beginners
byRahul Nath
 
Lets talk about: Azure Kubernetes Service (AKS)
byPedro Sousa
 
OWASP DefectDojo - Open Source Security Sanity
byMatt Tesauro
 
The Power of Azure DevOps
byJeff Bramwell
 
Benefits of DevSecOps
byFinto Thomas , CISSP, TOGAF, CCSP, ITIL. JNCIS
 
DevOps to DevSecOps Journey..
bySiddharth Joshi
 

Similar to Security: The Value of SBOMs

PDF
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
byWeaveworks
 
PDF
From Zero to GitOps Heroes
byWeaveworks
 
PDF
Intro to GitOps with Weave GitOps, Flagger and Linkerd
byWeaveworks
 
PDF
Weave GitOps 2022.09 Release: A Fast & Reliable Path to Production with Progr...
byWeaveworks
 
PDF
Reconcile Terraform Resources the GitOps Way with Priyanka Ravi
byWeaveworks
 
PDF
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
byWeaveworks
 
PDF
Intro to GitOps & Flux.pdf
byWeaveworks
 
PDF
Get Started with Flux
byWeaveworks
 
PDF
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...
byCezzaineZaher1
 
PDF
Flux Security & Scalability using VS Code GitOps Extension
byWeaveworks
 
PDF
WTF is GitOps and Why You Should Care?
byWeaveworks
 
PDF
WTF is GitOps & Why Should You Care?
byAll Things Open
 
PDF
20221130 - Luxembourg HUG Meetup
byStéphane Este-Gracias
 
PPTX
GitOps in a nutshell (Montreal CNCF meetup May 2024)
byLucien Boix
 
PDF
Free GitOps Workshop
byWeaveworks
 
PDF
Weave GitOps Core Overview (Free GitOps Workshop)
byWeaveworks
 
PDF
Weave GitOps - continuous delivery for any Kubernetes
byWeaveworks
 
PDF
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
byDenim Group
 
PDF
Observe and command your fleets across any kubernetes with weave git ops
byWeaveworks
 
PDF
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
byWeaveworks
 
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
byWeaveworks
 
From Zero to GitOps Heroes
byWeaveworks
 
Intro to GitOps with Weave GitOps, Flagger and Linkerd
byWeaveworks
 
Weave GitOps 2022.09 Release: A Fast & Reliable Path to Production with Progr...
byWeaveworks
 
Reconcile Terraform Resources the GitOps Way with Priyanka Ravi
byWeaveworks
 
Hardening Your CI/CD Pipelines with GitOps and Continuous Security
byWeaveworks
 
Intro to GitOps & Flux.pdf
byWeaveworks
 
Get Started with Flux
byWeaveworks
 
Weave GitOps 2023.04 Release: Optimizing Developer Productivity & Experience ...
byCezzaineZaher1
 
Flux Security & Scalability using VS Code GitOps Extension
byWeaveworks
 
WTF is GitOps and Why You Should Care?
byWeaveworks
 
WTF is GitOps & Why Should You Care?
byAll Things Open
 
20221130 - Luxembourg HUG Meetup
byStéphane Este-Gracias
 
GitOps in a nutshell (Montreal CNCF meetup May 2024)
byLucien Boix
 
Free GitOps Workshop
byWeaveworks
 
Weave GitOps Core Overview (Free GitOps Workshop)
byWeaveworks
 
Weave GitOps - continuous delivery for any Kubernetes
byWeaveworks
 
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...
byDenim Group
 
Observe and command your fleets across any kubernetes with weave git ops
byWeaveworks
 
Shift Deployment Security Left with Weave GitOps & Upbound’s Universal Crossp...
byWeaveworks
 

More from Weaveworks

PDF
Weave AI Controllers (Weave GitOps Office Hours)
byWeaveworks
 
PDF
Flamingo: Expand ArgoCD with Flux (Office Hours)
byWeaveworks
 
PDF
Six Signs You Need Platform Engineering
byWeaveworks
 
PDF
SRE and GitOps for Building Robust Kubernetes Platforms.pdf
byWeaveworks
 
PDF
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
byWeaveworks
 
PDF
Flux Beyond Git Harnessing the Power of OCI
byWeaveworks
 
PDF
Automated Provisioning, Management & Cost Control for Kubernetes Clusters
byWeaveworks
 
PDF
How to Avoid Kubernetes Multi-tenancy Catastrophes
byWeaveworks
 
PDF
Building internal developer platform with EKS and GitOps
byWeaveworks
 
PDF
GitOps Testing in Kubernetes with Flux and Testkube.pdf
byWeaveworks
 
PDF
Implementing Flux for Scale with Soft Multi-tenancy
byWeaveworks
 
PDF
Accelerating Hybrid Multistage Delivery with Weave GitOps on EKS
byWeaveworks
 
PDF
The Story of Flux Reaching Graduation in the CNCF
byWeaveworks
 
PDF
Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...
byWeaveworks
 
PDF
Flux’s Security & Scalability with OCI & Helm Slides.pdf
byWeaveworks
 
PDF
Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps
byWeaveworks
 
PDF
Robust Network Security and Observability with GitOps and Cilium
byWeaveworks
 
PDF
Simplifying Hybrid Kubernetes with Weaveworks and EKS.pdf
byWeaveworks
 
PDF
Building a Security First Approach Across Hybrid Cloud with GitOps and Policy...
byWeaveworks
 
PDF
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...
byWeaveworks
 
Weave AI Controllers (Weave GitOps Office Hours)
byWeaveworks
 
Flamingo: Expand ArgoCD with Flux (Office Hours)
byWeaveworks
 
Six Signs You Need Platform Engineering
byWeaveworks
 
SRE and GitOps for Building Robust Kubernetes Platforms.pdf
byWeaveworks
 
Webinar: End to End Security & Operations with Chainguard and Weave GitOps
byWeaveworks
 
Flux Beyond Git Harnessing the Power of OCI
byWeaveworks
 
Automated Provisioning, Management & Cost Control for Kubernetes Clusters
byWeaveworks
 
How to Avoid Kubernetes Multi-tenancy Catastrophes
byWeaveworks
 
Building internal developer platform with EKS and GitOps
byWeaveworks
 
GitOps Testing in Kubernetes with Flux and Testkube.pdf
byWeaveworks
 
Implementing Flux for Scale with Soft Multi-tenancy
byWeaveworks
 
Accelerating Hybrid Multistage Delivery with Weave GitOps on EKS
byWeaveworks
 
The Story of Flux Reaching Graduation in the CNCF
byWeaveworks
 
Securing Your App Deployments with Tunnels, OIDC, RBAC, and Progressive Deliv...
byWeaveworks
 
Flux’s Security & Scalability with OCI & Helm Slides.pdf
byWeaveworks
 
Deploying Stateful Applications Securely & Confidently with Ondat & Weave GitOps
byWeaveworks
 
Robust Network Security and Observability with GitOps and Cilium
byWeaveworks
 
Simplifying Hybrid Kubernetes with Weaveworks and EKS.pdf
byWeaveworks
 
Building a Security First Approach Across Hybrid Cloud with GitOps and Policy...
byWeaveworks
 
Security & Resiliency of Cloud Native Apps with Weave GitOps & Tetrate Servic...
byWeaveworks
 

Recently uploaded

PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PDF
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PDF
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
December Patch Tuesday
byIvanti
 
PDF
AI Technology important knowledge ......
byutkarshj2007
 
PDF
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
PDF
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PDF
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
PDF
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
PDF
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
PDF
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
8 LLM Surveys https://tinyurl.com/bdz8e6fp
byBob Marcus
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
December Patch Tuesday
byIvanti
 
AI Technology important knowledge ......
byutkarshj2007
 
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
Vibe Coding vs. Spec-Driven Development [Free Meetup]
byHaim Michael
 
In this document
Powered by AI

Introduction of speakers and overview of Weaveworks and open source projects like Flux and EKSctl.

Explanation of GitOps as a methodology for application development and operations, emphasizing its overall business value.

Listing of upcoming GitOps related events and engaging with the audience for Q&A.

Explanation of Software Bill of Materials (SBOM) as a tool for software transparency and its uses in security.

Introduction of Anchore as a leader in software security with developer-friendly tools for scanning.

The development journey of Flux in the CNCF, its maturity levels, and how Flux manages clusters with SBOM integration.

Security: The Value of SBOMs

  • 1.
    1 March 24, 2022 Security:The Value of SBOMs Dan Luhring, OSS Engineering Mgr, Anchore Brady Todhunter, Lead DevOps Eng, Anchore Priyanka “Pinky” Ravi, DX Engineer, Weaveworks Stacey Potter, Community Manager, Weaveworks
  • 2.
    2 Weaveworks is foundedon open source ● Flux & Flagger (CNCF): GitOps and Progressive Delivery for k8s ● Cortex (CNCF): Distributed, Long-term-storage TSDB compatible with Prometheus ● Weave Ignite: VMs with container UX & built-in GitOps management ● EKSctl: Create an Amazon EKS cluster with one command ● (and many many more projects!) And now … Weave GitOps! weave.works
  • 3.
    3 Speakers Help/Support Dan Luhring OSSEngineering Mgr Anchore Brady Todhunter Lead DevOps Eng. Anchore Priyanka Ravi DX Engineer Weaveworks Stacey Potter Community Manager Weaveworks Browser Safari copy/paste shortcuts may not work Using Zoom Questions? • Use chat (button: top left corner of screen) • Escape to exit full screen • “To Everyone” or “To all panelists and attendees” Support: https://support.zoom.us/hc/ en-us/articles/206175806-T op-Questions Troubleshooting Use chat If the issue is not easily resolved, we ask that you follow along as we demo the sample app. Security: The Value of SBOMs Duration 30-60 Minutes
  • 4.
    4 ● GitOps isan app dev and operations methodology ● GitOps is a methodology, not a specific tool or technology. ● GitOps applies to everything and brings business value. What is GitOps?...and why do I want it?
  • 5.
  • 6.
    6 👋 Get Connected💬 🤝 ● ⭐ Star us on GitHub ⭐ ● Check out the Flux docs at: fluxcd.io/docs/get-started/ ● GitHub Discussions Q&A: https://github.com/fluxcd/flux2/discussions/categories/q-a ● CNCF Slack #Flux channel (or get a slack invite)
  • 7.
    7 Mar 29: OpenSource101:WTF is GitOps & Why Should you Care? Mar 30: From Zero to GitOps Heroes! Mar 31: GitOps for Helm Users! May 16-20: Flux Booth at KubeCon! June 8-9: GitOps Days 2022! (gitopsdays.com) Upcoming Events
  • 8.
  • 9.
    Dan Luhring Manager ofOpen Source Engineering, Anchore luhring danluhring dan.luhring@anchore.com
  • 10.
  • 11.
    Software bill ofmaterials (“SBOM”) ● A “list of ingredients” for a software artifact ● Exposes what software is made up of ● Several different uses… ■ Vulnerability scanning ■ Software transparency ■ Policy
  • 12.
    What is Anchore,Syft, Grype?
  • 13.
    Anchore Forging the Futureof Software Security. Anchore is creating a more secure software supply chain for priceless peace of mind.
  • 14.
    Anchore’s Open SourceTools Developer-friendly scanning tools for container image security
  • 15.
    The story ofSBOMs at Flux Cloud Native Computing Foundation (CNCF) The Cloud Native Computing Foundation (CNCF) is an open source software foundation that promotes the adoption of cloud-native computing. Maturity Levels: Sandbox ➡ Incubating ➡ Graduation CNCF projects have a maturity level of sandbox, incubating, or graduated, which corresponds to the Innovators, Early Adopters, and Early Majority tiers of the Crossing the Chasm diagram. The maturity level is a signal by CNCF as to what sorts of enterprises should be adopting different projects. July 2019: Flux joins CNCF as a Sandbox Project 🏜 ⌛ 🏝 July 2020: Flux was one of only two projects in the ‘adopt’ category of CNCF CD Tech Radar 📡 ⚙ 💻 March 2021: Flux goes from Sandbox to Incubation 🥚 ⏲ November 2021: Flux Security Audit concludes in preparation for Graduation application 📄 📝 March 2022: Flux applies for Graduation 🤞🤞 🎉 🎓 🎉 🎓 🎉 🎓 🤞🤞
  • 16.
    Here’s how Fluxdid it! Initialize artifact .goreleaser.yml
  • 17.
    Here’s how Fluxdid it! Install Syft
  • 18.
    Here’s how Fluxdid it! Generate release artifacts Create release and SBOM
  • 19.
    Syft, Grype, &Syft+Grype
  • 20.
  • 21.
    Flux at Anchore Howwe use Flux: ● We manage 2 clusters using Flux ● Environments are set up differently ● Image Automation What I love about Flux: ● Developer empowerment ● Flexibility in deployments ● Source of truth for deployments ● Uses native kubernetes mechanisms