Esteban Garcia
Esteban is a Principal Engineer at Cloudsmith, where he helps design and build scalable, cloud-native systems for artifact management and software supply chain security. Passionate about open-source technologies, he focuses on solving complex problems using Python, Go, and modern cloud-native tools. He advocates for developer empowerment through automation, efficiency, and thoughtful engineering.
Session
Software Bills of Materials (SBOMs) are no longer a nice-to-have; they are quickly becoming table stakes for secure software delivery. But generating an SBOM is only the start. How do you manage SBOMs at scale across thousands of artifacts, teams, and environments? How do you ensure they are accurate, tamper-proof, and usable in real-world pipelines?
This session walks attendees through integrating SBOM generation, storage, and validation into a modern CI/CD workflow using cloud-native tooling, covering:
- Best practices for generating SBOMs for containers
- Securely storing and indexing SBOMs alongside your artifacts
- Validating artifacts against SBOM data before deployment
- Using SBOMs in incident response, compliance, and auditing
Attendees will leave with a clear roadmap for making SBOMs a first-class citizen in their pipelines, illustrated by a real-world example of how Cloudsmith combines open-source tools such as Trivy, Syft and Grype with the CycloneDX format for automated SBOM generation and vulnerability scanning.
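The three pipeline steps above (store the SBOM next to the artifact, gate deployment on the artifact matching its SBOM, and query SBOMs during an incident) can be sketched in a few dozen lines. The following is an added example written for this page, not Cloudsmith's code or any project's API. It embeds a constructed CycloneDX 1.5 document and assumes, as a simplification, that the SBOM records the container image's SHA-256 under metadata.component.hashes; the image name, digests and package versions are invented for illustration.

```python
"""Minimal SBOM index: bind CycloneDX SBOMs to the artifacts they describe,
gate deployment on the artifact digest, and answer "which images ship X?"."""
import hashlib
import json
from typing import Dict, List, Optional

# Constructed sample: a CycloneDX 1.5 SBOM for a container image, shaped like
# what Syft emits. Image name, digest ("a" * 64) and purls are invented.
SAMPLE_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {
        "component": {
            "type": "container",
            "name": "registry.example.com/team/api",
            "version": "1.4.2",
            # Assumption for this example: the subject image digest is recorded here.
            "hashes": [{"alg": "SHA-256", "content": "a" * 64}],
        }
    },
    "components": [
        {"type": "library", "name": "openssl", "version": "3.0.13",
         "purl": "pkg:deb/debian/openssl@3.0.13"},
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
    ],
})


def sbom_digest(sbom_text: str) -> str:
    """SHA-256 of the raw SBOM bytes: pin (and sign) this when the SBOM is stored."""
    return hashlib.sha256(sbom_text.encode()).hexdigest()


def load_sbom(sbom_text: str, expected_sbom_digest: Optional[str] = None) -> dict:
    """Parse a CycloneDX JSON document; refuse it if its digest no longer matches
    the value recorded at storage time (detects a modified SBOM)."""
    if expected_sbom_digest is not None and sbom_digest(sbom_text) != expected_sbom_digest:
        raise ValueError("SBOM digest mismatch: document was modified after storage")
    sbom = json.loads(sbom_text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return sbom


def subject_digest(sbom: dict) -> Optional[str]:
    """SHA-256 of the artifact this SBOM describes (metadata.component.hashes)."""
    for h in sbom.get("metadata", {}).get("component", {}).get("hashes", []):
        if h.get("alg") == "SHA-256":
            return h["content"].lower()
    return None


def artifact_matches_sbom(sbom: dict, artifact_sha256: str) -> bool:
    """Pre-deploy gate: the image about to ship must be the exact one the SBOM
    was generated from, not merely the same name:tag."""
    expected = subject_digest(sbom)
    return expected is not None and expected == artifact_sha256.lower()


class SbomIndex:
    """In-memory stand-in for storing SBOMs beside artifacts, keyed by artifact digest."""

    def __init__(self) -> None:
        self._by_artifact: Dict[str, dict] = {}

    def store(self, sbom_text: str) -> str:
        sbom = load_sbom(sbom_text)
        digest = subject_digest(sbom)
        if digest is None:
            raise ValueError("SBOM does not identify its subject artifact by SHA-256")
        self._by_artifact[digest] = sbom
        return digest

    def artifacts_containing(self, name: str, version: Optional[str] = None) -> List[str]:
        """Incident-response query: which stored artifacts ship this package (and version)?"""
        hits = []
        for digest, sbom in self._by_artifact.items():
            for c in sbom.get("components", []):
                if c.get("name") == name and (version is None or c.get("version") == version):
                    hits.append(digest)
                    break
        return sorted(hits)


if __name__ == "__main__":
    index = SbomIndex()
    stored = index.store(SAMPLE_SBOM_JSON)
    print("stored SBOM for artifact", stored[:12], "sbom sha256", sbom_digest(SAMPLE_SBOM_JSON)[:12])
    print("deploy allowed:", artifact_matches_sbom(load_sbom(SAMPLE_SBOM_JSON), stored))
    print("images shipping openssl:", index.artifacts_containing("openssl"))
```

In a real pipeline the index is the artifact repository, the SBOM digest check is replaced by signature verification (for example an attestation bound to the image digest), and `artifacts_containing` is what you run the day a new advisory names a package: the answer comes from stored SBOMs, not from rescanning every image.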