►
From YouTube: SBOM X-Ray Superpowers: Making Better SBOMs, Using SBOMs - Brandon Lum& Chris Phillips
Description
Don’t miss out! Join us at our upcoming event: KubeCon + CloudNativeCon Europe 2023 in Amsterdam, The Netherlands from April 17-21. Learn more at https://kubecon.io. The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
SBOM X-Ray Superpowers: Making Better SBOMs, Using SBOMs - Brandon Lum, Google & Chris Phillips, Anchore
Creating SBOMs (Software Bill of Materials) for our software artifacts is very important in understanding our software and responding to security attacks/vulnerabilities. However, creating SBOMs is challenging. To be effective, SBOMs must be as accurate and complete as possible, but at the same time be usable. Today, Software Composition Analysis (SCA) based SBOM generation tools strike a great balance in this regard. There are several great SCA-based SBOM generator tools today, but all of them have blind spots, such as finding an executable file that has no metadata associated with it. What if there was a way for SBOM tools to reliably fill in these gaps in order to produce a more complete SBOM? Enter the SBOM X-ray vision! In this talk, we demonstrate a novel way to peek into these opaque files through SBOM discovery and look-up. Through the use of the Rekor transparency log and In-toto attestations, we’ll show how easy it is for existing projects to share SBOM information with other projects using native CI integrations. We will then show our new superpowers in action through the Syft tool to generate more complete SBOMs!
A
A
A
A
So,
let's
double
down
on
this
food
recipe,
because
you
know
we
every
s-bomb
is
the
ingredient
list.
You
know
the
first
question
is:
how
do
we
get
this
ingredient
this?
And
so,
let's
take
this
scenario
here:
I
I
go
to
this
really
nice,
restaurant
and
out
of
this
bowl
of
ramen
and
in
this
hypothetical
scenario,
I'm
allergic
to
peanuts.
So
what
I
want
to
do
is
ask
myself
this
question.
A
A
Yeah
I
think
you're
good,
that's
good
right
and
then
because
I'm
super
careful,
I
let
Chris
like
have
have
a
bite
and
he's
like
no
peanuts.
Yeah
we're
good,
couldn't,
taste
it
yeah.
We're
fine
should
be
good.
All
right,
then
I
I
I
I
eat
the
bowl
of
ramen,
obviously
right,
however,
so
the
second
option
here
is
asking
the
chef
right.
So
I
can
go
back
to
the
kitchen
and
be
like.
Oh,
what
do
you
actually
put
in
this
I'm
allergic
to
peanuts?
And
in
this
case
the
chef
comes
back
and
say
yeah.
A
A
But
how
does
this
all
tie
back
the
software
so
option
one?
When
you
talk
about
software,
we're
talking
about
observing
analyzing,
something
that
we
have
so
this
can
be
a
bundle,
application,
a
container,
a
binary
and
we
use
software
composition
analysis.
We
look
at
binary
symbols.
We
look
at
package
metadata,
heuristics
and
fingerprinting,
so
that's
option
one,
and
then
we
have
option
two,
which
is
like
ask
the
chef.
A
But
what
does
that
mean
in
the
context
of
software-
and
this
means
usually
I'm
going
to
talk
to
the
vendors
I'm
going
to
go
to
the
folks
that
are
building
my
software
and
ask
them
what's
in
this,
but
the
tricky
thing
about
that
is
in
modern
software.
There
is
a
lot
of
complexity
in
that
it's
not
just
one
step.
B
Nice,
so
my
name
is
Chris.
Phillips
I'm
also
worked
a
little
bit
on
this
and
what
we're
trying
to
drive
home
with
the
idea
of
software
composition,
analysis
it's
no
longer
on
the
consumer
themselves.
There's
been
this
idea
of
like
oh.
If
we
shift
left
and
all
the
developers
scan
these
things
that
are
on
their
computers
and
they
do.
Oh,
the
binary
is
fine,
great,
no
vulnerabilities,
they
post
a
report,
they
upload
it
and
it
gets
shipped
out
to
production.
B
But
what
actually
happens
is
if
you
have
like
a
static
asset,
that's
sitting
on
a
container
or
on
your
machine.
You
have
so
much
less
context
than
if
you
did
the
build
time
of
itself
right,
the
the
producer
themselves.
You
can
get
manifest
from
the
DB.
You
can
go
through
all
the
other
metadata
of
the
build
system
of
like
the
Jenkins
pipeline.
You
can
even
query
and
look
at
every
single
bit
or
part
of
what
went
into
building
that
binary
before
it
gets
tripped
out
and
over.
So
the
analogy
here
is
just
like
the
top.
B
B
Here's
a
good
example:
we
just
ran
a
package
manager
tool
from
open
source
against
one
which
was
a
file,
and
we
found
121
packages
in
that
go
binary.
But
then,
when
we
stepped
up
a
level
and
we
scanned
a
directory
as
our
context,
we
found
140
packages,
so
there
were
19
or
so
packages
at
that
directory
scan
level
that
might
have
been
used
to
go
into
the
build
process.
B
So
imagine
you
have
like
an
intern
and
we're
looking
at
the
dependency
list
for
the
go
module
and
someone
who
goes
yeah.
Is
this
everything
that's
you
know
been
introduced
in
the
pull
request,
I
just
scanned
what
was
downloaded
so
that
seems
good,
and
then
you
get
the
lgtm
and
you
get
to
go
home,
everything's
deployed
to
production,
you're,
fine,
but
there's
always
a
an
issue,
there's
more.
If
we
actually
look
at
the
build
logs
for
when
we
scan
the
directory,
we
found.
B
B
A
A
Here
we
have
our
developer
our
Chef
here,
compiling
something
we
call
a
vulnerable
demo
binary,
which
shouldn't
be
vulnerable
right,
and
we
do
the
thing
that
most
of
us
want:
Once
Upon,
a
Time
while
we
were
learning
Docker
do,
which
is
create
a
Docker
file
from
Alpine
or
something
run
call
into
a
binary
and
ship
it
right
it's
in
production,
and
so
so
what
we
see
this
has
stayed
up
today
right.
So
if
we
take
two
like
shift
and
scan,
this
contain
an
image.
It's
going
to
tell
us
a
few
things.
A
A
So
I
think
the
the
question
that
we're
trying
to
say
here
is
like
you
know
what,
if
I
could
go
to
the
source
and
ask
you
know
what's
in
this
thing,
and
so
what
we
have
here
and
alluding
to
what
Chris
mentioned
about
having
producers
kind
of
share
the
metadata.
And
now
we
have
the
chef
here
on
top
of
creating
and
compiling
the
binary.
A
They
also
run
shift
to
then
generate
the
s-bomb,
and
then
we
add
the
step
of
attesting
the
s-bomb
and
putting
it
in
a
discoverable
stall
and
in
this
case,
for
a
demo
we're
using
six
star
and,
more
specifically,
the
recall,
transparency
lock.
So
it's
taking
the
s-bomb,
it's
testing
it,
putting
it
in
the
store
and
now
what
shift
then
does
is
now
when
it
sees
the
the
binary
is
okay.
Let
me
go
check
out.
A
If
there's
any
metadata
available,
it's
going
to
take
the
hash
of
the
the
binary
and
take
the
shot
of
the
56
and
as
recall,
any
metadata
any
as
bombs
that
I
can
use.
And
in
this
case,
because
there
is
one
recall
returns
with
the
s-bomb
and
then
what
safe
now
produces
in
the
s-bomb
includes
and
encapsulates
the
additional
metadata
right.
B
So
the
first
part
we
talked
about
in
that
graph,
build
the
artifact
itself
right,
just
a
nightly
build
release
and
we
get
our
binary
tailed
as
time
you
could
use
make
you
could
use,
go
build
anything
the
next
bit
we
do.
Is
we
go
in,
and
we
say:
okay
I'm
going
to
take
this
show
posts
I'm
going
to
take
this
new
thing
that
I
build
and
I'm
going
to
double
check
and
see
yeah
thumbs
up
no
vulnerabilities
right
now
we're
the
consumer.
B
We
are
going
through
this
whole
process
and
we're
saying
my
code
is
not
vulnerable
I'm
going
to
ship
this
right
now
we're
good
right
and
then
finally,
we're
going
to
generate
an
image
and
if
you're,
following
along
from
the
graph
that
Brandon
put
together,
this
is
where
we
are
where
we
build
and
we
package
that
binary
in
the
image
we
scan
that
as
well,
and
then
this
gets
uploaded
to
jfrog
or
Docker
Hub
and
everyone's
extremely
happy
because
we're
zero
vulnerabilities.
We
could
report
that
and
we
get
a
nice
little
pat
on
the
back.
B
That's
incorrect,
though,
right.
If
we
want
to
go
we're
going
to
go
a
bit
deeper,
let's
try
this
with
more
Fidelity,
so
we're
going
to
do
the
directory
scan
actually
get
the
full
contents
that
go
into
this
rust
binary
that
we're
building
we're
going
to
get
the
shaw
256
of
our
binary,
so
we're
going
to
go
into
that
release,
we're
going
to
fingerprint
it
and
then
we're
also
going
to
fingerprint
our
s-bomb.
So
if
you
think
about
it,
you
say
this
artifact
that
I
have
right
here
and
this
s-bomb.
These
two
fingerprints
are
linked
together.
B
You
can
that's
how
we
know
when
we
go
out
to
pull
down
the
extra
metadata
that
it
is
the
type
that
we
want
to
decode
and
scan
for
vulnerabilities.
We
include
the
subjects
of
the
binary
itself,
so
that's
us
committing
to
the
transparency
log
that
this
file,
this
exact
fingerprint
exists
for
this
metadata
and
and
then
we
upload
it
and
then
sign
it
with
whatever
method
that
we
want
keyless
wise,
so
in
this
case
I'm
using
my
oidc
provider
for
GitHub,
but
you
could
think
of
all
different
trust
policies.
B
This
way
where
a
local
I
would
say
like
the
Golden
Goose
keys
of
your
company
is
signing
it.
So
you
only
trust
things
in
Sig
store
that
were
signed
by
those
keys
right,
not
just
a
random
developer,
Chris
Phillips
at
GitHub
right,
the
levels
of
trust
and
policy
that
can
do
on
this
are
kind
of
like
nested,
where
you
have
that
that
trust
policy
problem
and
then
we're
if
you're,
following
along
in
the
the
diagram
again,
you
are
here
so
now
we're
uploading
this
additional
metadata.
B
So
now
we
go
back
and
we
say:
did
this
work?
Do
we
have
a
better
image
now,
with
this
fingerprint
uploaded
the
six
door
when
we
go
to
catalog
and
when
we
go
to
actually
look
at
everything?
That's
in
this
image
we
will
be
greeted
with
in
this
case
this
is
human
readable,
but
you
can
also
see
it
as
an
annotation
machine,
readable,
uid,
and
this
says:
hey
I
fingerprinted-
that
file
that
previously
I
had
no
idea
what
it
was
and
some
person.
That's
in
your
config
that
you
trust,
says
thumbs
up.
B
B
We're
going
up
to
record
with
this
command
we're
using
the
uid,
we're
finding
the
attestation
we're
pulling
the
predicate
and
then
we're
scanning
it
right
here,
and
we
can
say
that,
because
the
producer
has
been
responsible
because
the
producer
has
uploaded
a
document,
that's
more
complete
based
on
all
of
the
metadata
and
all
the
information
that
they
had
in
the
build
system.
We
can
alert
the
consumer
that
there
might
be
vulnerabilities
that
there
might
be
something
that
otherwise
was
just
a
black
rock
of
a
compiled
file
before
and
you
think
about
this.
B
Yeah,
and
so
everyone
loves
memes,
they
said
there's
no
way,
you
can
see
those
vulnerabilities
in
that
compiled
file
you're
right,
but
I
can
trust
the
person.
That's
uploading,
the
data
that
knows
what's
in
there
from
their
build
system,
with
all
the
additional
details
and
then
get
the
vulnerabilities
and
like
the
world
is
your
oyster
too.
You
can
pull
license
data
from
that
as
well.
Any
kind
of
compliance
check
that
you
think
that
you
can
assert
data
on
from
those
build
systems.
You
can
upload
and
run
it
into
an
extra
tool.
A
We
are
building
another
project
called
guac
that
we'll
be
talking
about
tomorrow,
that
we
really
focus
on
cataloging
all
this
metadata,
so
that
it's
searchable,
so
you
can
search
it
by
contact
addressable
hash
and
we're
having
a
talk
about
this
tomorrow,
11
A.M
in
the
same
track,
the
security
track.
So
if
you're
interested
find
out
more
about
that
there,
another
quick
note
is
Association
format.
We're
using
is
a
little
bit
custom,
not
exactly
the
same
as
the
Intel
spdx1.
A
This
is
to
keep
it
small
enough,
so
that
recall
was
installed
at
the
stations
and
finally,
as
Chris
pointed
out,
you
know
there
is
a
lot
of
things
you
can
do
with
trust
policy.
You
know
it's
a
list
of
people
that
I
trust
for
certain
artifacts.
Are
there
like
organizations
like
Google,
Microsoft
or
Intel
that
trust
for
the
binaries
that
they
produced?
A
B
Cool,
oh
yeah,
and
the
last
part
too
that
I
did
want
to
mention
is
that
we
do
want
to
start
thinking
about
and
getting
ideas
from
the
community
about
how
the
parts
like
multiple
entries
from
third
and
first
parties
and
how
to
do
that
kind
of
decisioning
against
who
you
like.
Who
is
the
first
order
of
like
which
one
do
you
take
when
you're
evaluating
right?
B
Check
out
our
tools
and
check
out
all
the
awesome
open
source
tools
that
exist
that
produce
these
documents
as
well.
It's
it's
awesome,
just
there's
so
much
going
on
in
this
ecosystem
right
now
and
the
more
that
we
get
everything
kind
of
working
together
rather
than
just
granular
insular
and
one
single
project,
the
better
it
will
be
for
both
the
consumer
of
software
and
hopefully,
producers
in
that
guard.
So
thank
you.
C
Hey
this
is
really
really
interesting.
Stuff
I
I
just
have
a
question
about,
though,
so
you
have
a
bunch
of
problems
with
the
permission
model
and
stuff
like
this,
and
and
also
I'm
curious,
why
you
use
the
attestation
format
in
in
Toto,
because
link
formats
in
in
Toto,
actually
in
in
the
layout
formats,
actually
handle
all
those
permission.
Issues
for
you
and
things
like
this,
so
I'm
curious.
A
So
we
are
using
that
I
think
the
that
is
like
the
expressibility
in
the
the
locator
of
the
metadata.
So
we
had
this
restriction
where
recall,
doesn't
store,
attestations
above
I
can't
remember
a
couple
of
kilobytes
or
something
so
we
do
need
a
way
to
start
that
we
are
using
the
in
total
attestation
we're
just
having
a
custom
predicate
for
that.
A
A
This
does
lead
to
another
thing
that
we
kind
of
hinted
at
over
here,
but
didn't
talk
about
explicitly,
which
is
S1
composability
So
within
individual
ecosystems.
It's
generally
pretty
simple,
as
we
saw
like
with
the
golden
one,
you
can
have
a
good
idea
on
what
everything
looks
like
within
your
ecosystem,
but
then,
when
you
pull
for
other
ecosystems
like
for
the
rust
and
the
continuous
one,
this
one
you
kind
of
need
to
put
them
together.
A
So
in
this
case
the
metadata
we
can
gather
for
any
kind
of
response
or
any
kind
of
format
with
the
second
DX
or
SPX.
There
is
a
aspect
of
composability
which,
for
example,
in
spdx.
What
we
do
is
we
use
the
describe
relationship
to
say
that
this
binary
is
described
by
this
particular
s-bomb,
which
is
in
a
separate
document.
So
that
is
like
a
little
bit
of
nuance
in
there,
but
in
general,
any
format.
Any
type
of
metadata
should
be
able
to
be
handled
as
long
as
you.
You
know
what
you're
expecting.
B
C
Okay,
so
there's
there's
a
couple
ways
to
go
about
generating
something
like
an
s-bomb
and
one
of
them
is
scanning
and
another
way
is
to
pre-populate
this.
Somehow,
basically,
you
can
initially
do
a
scan
and
then
have
this
be
like
the
set
of
rules
for
the
things
that
are
supposed
to
come
in
and
I
I've
heard
a
lot
of
discussion
about
how
scanning
as
a
whole
has
a
bunch
of
problems
with
especially
malicious
actors.
If
there's
a
malicious
actor
anywhere
in
your
system,
then
scanning
is
just
not
gonna.
C
Save
you
and
I'm
wondering
if
you
can
just
comment
on
that
and
where
you
think
this
might
go
to
move
to
a
model,
that's
where
your
work
might
go
to
move
to
a
model,
that's
secure
against
malicious
actors,
not
just
you
know,
Oddities
of
scanning
tools,
not
picking
things
up.
Do
you
want
to
take
this
off.
B
Yeah,
it
depends
on
what
the
malicious
actor
is
doing.
So
in
the
case
of
like
if
they're
modifying
your
APK
database
right,
they're
looking
at
different
entries-
and
you
take
the
sum
of
that
and
you're
using
those
digests
and
fingerprinting
as
much
as
you
can
and
you're
diffing
against
the
different
outputs
of
s-bombs.
Hopefully,
the
ecosystem
evolves
so
that
we
can
see
those
different
diffs
between
those
documents
and
say:
oh,
the
fingerprint
here
changed
from
APK
to
APK.
Those
are
not
the
same
bomb
out.
B
We
need
to
investigate
why
this
wasn't
the
same
for
our
quote:
reproducible
build
if
the
that's
the
that's
the
main
use
case.
I've
looked
at
as
far
as
like
a
malicious
actor
changing
data
on
the
system
to
represent
that
some
version
is
not
there
or
that
some
like,
let's
say,
you're,
doing
a
scanning
tool
and
you're
not
actually
reading
the
file
you're
pulling
a
bunch
of
package
management
info
or
metadata.json
and
you're,
not
asserting
that
that
thing
actually
exists
there.
B
You
can
go
a
step
further
and
compare
that
metadata
that
package.json
that
package
lock
to
the
files
read
the
file
itself.
Does
that
match
up
exactly
with
what
exists
there
if
that's
been
changed
bomb
out
a
certain
show
to
the
user
that
something
different
has
happened
at
this
level,
and
you
can
take
that
localized
example
and
you
can
go
even
further
up.
B
So
if
we're
talking
about
you
know
uploading
these,
like
s-bombs
to
some
blob
store
that
could
be
discovered
via
stick
store,
then
when
you
go
and
you
pull
that
down,
and
the
company
has
said
this
is
reproducible,
this
is
the
exact
same
and
you
diff
it
against
a
previous
version
that
you've
pulled.
Then
you
say:
hey.
You
said
this
was
reproducible.
You
said
this
is
exactly
the
same.
Why
am
I
seeing
like
a
git
diff
of
a
red
minus
and
a
green
plus
here,
where
it
wouldn't
have
existed?
So
if
there
are
other?
A
And
also
to
add
on
to
that
right,
I
think
that
s-bomb
is,
you
know,
concentrating
on
figuring
out
what
and
like
the
process
of
trying
to
menderize
it
I
think
there
are
other
aspects
that
we
want
to
tie
into
so
like
having
the
provincial
S1,
but
also
having
that
of
you,
know
the
South
Side
associations
and
kind
of
figuring
out.
You
know
whether
there's
a
bad
actor
there's
a
bad
identity
which
documents
are
affected
and
which
s-bomb
generation
processes
will
affected
very
much
with
like
a
regular
supply
chain,
attack
and
I.
A
Think,
like
that's
kind
of
like
what
we're
trying
to
solve,
with
like
the
block
project
as
well
right
is
that
now
we
have
the
S1
information.
Let's
let
the
S1
people
like
worry
about
their
problem.
We
will
solve
other
aspects
of
this
with
salsa
with
developer
insights.
With
you
know,
tracking,
like
oh,
was
this
a
malicious
developer.
The
social
malicious
comment
propagating
that
through
the
transitive
graph
and
then
doing
analysis
of
that.