More than 2/3 of application code is inherited from open source dependencies. It’s important to provide verified and attested code with provenance checks in the whole software development life cycle. Join talk where developers can learn and understand how to use software bill of materials (SBOM) and Vulnerability Exploitability eXchange (VEX) as part of the software supply chain for cloud-native applications. Sign commits, images, and pipelines to create a chain of trust for your open source components and transitive dependencies with open source projects.