May 10-12, 2023
Vancouver, British Columbia, Canada + Virtual
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Pacific Daylight Time (UTC/GMT -8). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Friday, May 12 • 11:55am - 12:35pm
Delivering Secure & Compliant Software Components with the Open Component Model & GitOps - Dan Small, SAP SE

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
DevOps teams today are tasked with the full scope of the delivery of complex software products. In this talk, we take the delivery of software one step further, by introducing the Open Component Model (OCM), which is an open standard with an open-source toolkit to describe software components in a technology-agnostic and machine-readable format that can also automate the continuous deployment via GitOps. OCM, as opposed to SBoM, represents a Software Bill of Delivery (SBoD) for tracking all artifacts of a complex product. It is the single source of truth for required operations. The OCM based solution started at SAP for the consistent delivery of cloud native apps together with heritage products. With the help of Weaveworks, OCM is integrated with CNCF open source Flux to automate the deployment using GitOps Localization. This talk presents the security and compliance benefits of OCM and GitOps Localization: air-gapped environments and offline CI/CD; end-to-end supply chain shielding; lift and shift applications to the cloud. We will show you how to deploy signed, attestable, and verifiable artifacts in environments with limited or no connectivity, especially for high-security and regulated clouds.

avatar for Dan Small

Dan Small

Expert Software Engineer, SAP
Dan Small is an expert developer at SAP, the world's leading enterprise resource planning (ERP) software vendor.   He has helped development teams deliver complex software projects in the developer tools and GRC space.  He has helped devops teams significantly reduce operational... Read More →

Friday May 12, 2023 11:55am - 12:35pm PDT
118 (Level 1)