Open Source Summit North America 2023

DevOps teams today are tasked with the full scope of the delivery of complex software products. In this talk, we take the delivery of software one step further, by introducing the Open Component Model (OCM), which is an open standard with an open-source toolkit to describe software components in a technology-agnostic and machine-readable format that can also automate the continuous deployment via GitOps. OCM, as opposed to SBoM, represents a Software Bill of Delivery (SBoD) for tracking all artifacts of a complex product. It is the single source of truth for required operations. The OCM based solution started at SAP for the consistent delivery of cloud native apps together with heritage products. With the help of Weaveworks, OCM is integrated with CNCF open source Flux to automate the deployment using GitOps Localization. This talk presents the security and compliance benefits of OCM and GitOps Localization: air-gapped environments and offline CI/CD; end-to-end supply chain shielding; lift and shift applications to the cloud. We will show you how to deploy signed, attestable, and verifiable artifacts in environments with limited or no connectivity, especially for high-security and regulated clouds.