Modern applications depend on hundreds of open-source libraries, container images, and third-party components. While this accelerates development, it also introduces serious software supply chain security risks. Without visibility into these dependencies, organizations cannot quickly detect vulnerabilities, respond to incidents, or verify the integrity of released software.
SBOM for DevSecOps and Software Supply Chain Security: Build Secure Software Supply Chains with SPDX, CycloneDX, VEX, Trivy, Syft, Dependency-Track, and SLSA is a practical guide to implementing Software Bill of Materials (SBOM) workflows in modern DevSecOps environments.
This hands-on book shows you how to generate SBOMs, analyze vulnerabilities, monitor dependency risks, and automate security controls across CI/CD pipelines. Using real tools such as Syft, Trivy, Grype, cdxgen, Dependency-Track, and Sigstore Cosign, you'll learn how to create transparent and verifiable software supply chains.
You'll also explore advanced practices such as VEX vulnerability triage, artifact signing, and SLSA build provenance, helping you move from basic dependency inventories to a complete supply chain security architecture.
A full end-to-end capstone project walks you through building a secure SBOM-driven DevSecOps pipeline, integrating SBOM generation, vulnerability scanning, continuous monitoring, and signed release artifacts.
What you'll learn:
- Generate SBOMs for applications and container images
- Detect vulnerabilities using modern scanning tools
- Monitor dependency risk with OWASP Dependency-Track
- Automate SBOM workflows in CI/CD pipelines
- Reduce vulnerability noise using VEX
- Sign and verify software artifacts using Sigstore Cosign
- Implement secure build provenance using SLSA
- Build a complete SBOM-driven software supply chain security pipeline
This book is ideal for developers, DevOps engineers, security professionals, and platform teams who want to implement modern software supply chain security using practical tools and automation.
If you want to build transparent, verifiable, and secure software delivery pipelines, this guide will show you exactly how.