Improve Vulnerability Management with OCI Artifacts – It Is That Easy!

May 01, 2023 36 min Free

Description

This talk explores how to improve vulnerability management with OCI artifacts. It covers the challenges of using software bills of materials (SBOMs) efficiently at scale and introduces the OCI artifact specifications as an elegant way to store and sign SBOMs, scan results, and other supply chain attestations in registries, alongside the artifacts they describe. The session demonstrates practical applications with the open-source tools Trivy, Notary, and ORAS, showing how to improve vulnerability management practices for containers, WASM, packages, and libraries.