From Kitchen to Table
Abstract
Thu 8:45 - 9:30 | 2026
Think of your containerized Java application as a complex dish served to production. Your software supply chain is a kitchen. Would you trust a kitchen with hidden ingredients? SBOMs are the ingredient manifests that health inspectors (scanners) and regulators (compliance) demand. This practical talk addresses the real-world problems Java and DevOps teams face: enforcing policies at CI/CD stations (GitLab/GHA), verifying manifests for pre-packaged meals (hardened containers), and passing Kubernetes health inspections (OPA/Ratify). We’ll cut through the complexity of competing formats (SPDX/CycloneDX), registry storage quirks, and toolchain integration, showing how SBOMs become actionable security artifacts, not just paperwork. Learn to build a supply chain where every component is traceable, every vulnerability is blockable, and every deployment is compliant.

Dmitry Chuyko
BellSoft
Dmitry is an OpenJDK committer and conference speaker worldwide. The most interesting problems in applications are solved in conjunction with the base platform, as his previous experience has shown. Dmitry’s primary focus is optimizing HotSpot for x86 and ARM, and also building small, fast and secure JDK containers.