🛠️ Workshop

Beyond the Scan: Professional SBOM Management and Risk Mitigation with Dependency-Track and VEX

Thursday, May 7, 2026
15:15 - 17:25

Session Description

Generating a Software Bill of Materials (SBOM) is only the first step toward compliance with upcoming regulations like the EU Cyber Resilience Act (CRA). The real challenge lies in managing these artifacts at scale, tracking vulnerabilities across a diverse portfolio, and communicating real-world risks effectively.

This workshop takes you beyond simple pipeline scanning. We will dive into OWASP Dependency-Track, an intelligent component analysis platform that allows organizations to identify and reduce risk in their software supply chain. You will learn how to transform static SBOMs into a living, automated security ecosystem.

Speaker

Principal DevOps Consultant @ Zühlke | AI coach @ remmen.io | Speaker

Making complex DevSecOps challenges disappear through platform engineering magic! I work as a platform engineer with Kubernetes, cloud-native technologies, and AI-enhanced automation. As such, I do a lot of development using infrastructure as code and CI/CD pipelines. I’m also the founder of remmen.io GmbH, where I focus on digital education and knowledge sharing around AI. With 25 years of experience in datacenters, networking, and automation, I’ve helped numerous teams master platform engineering challenges. Digital sovereignty is close to my heart and increasingly becomes a central focus in my work - empowering organizations to maintain control over their digital infrastructure and data while leveraging modern cloud-native technologies. Outside of work, you’ll find me spending time with family, strategizing over board games, mixing tracks as a DJ, or diving into sci-fi literature.
