Director of SW Engineering, West Pharmaceutical Inc., Taiwan (Republic of China)
Security governance for open-source dependencies is critical, but without automation it becomes a bottleneck, and developers route around policies that slow them down. This session explores how automated SBOM management, software supply chain traceability, and vulnerability risk assessment can be integrated into the Secure Software Development Lifecycle (SSDLC) without disrupting innovation.
We will cover practical automation strategies for tracking software components, maintaining supply chain visibility, and mitigating vulnerabilities through CI/CD pipelines, and examine real-world challenges, compliance automation, and risk management solutions that align security with development workflows.
By the end, participants will be equipped to implement automation-driven security controls that turn governance from a constraint into an enabler of secure, agile software development.
Learning Objectives:
Describe how automating SBOM generation and OSS governance prevents security bottlenecks while enabling innovation in software development.
Demonstrate how automated risk management of open-source dependencies supports a secure software development lifecycle (SSDLC) without disrupting developer workflows.
List key strategies for integrating automated security controls into CI/CD pipelines to ensure continuous compliance and vulnerability management.