docs(day1): OCM talk

content/day1/04_ocm.md

@@ -0,0 +1,57 @@
+---
+title: OCM: Rethinking Software Delivery with a Secure and Standardized Approach
+weight: 4
+tags:
+ - security
+ - delivery
+ - compliance
+---
+
+<!-- {{% button href="https://youtu.be/rkteV6Mzjfs" style="warning" icon="video" %}}Watch talk on YouTube{{% /button %}} -->
+<!-- {{% button href="https://docs.google.com/presentation/d/1nEK0CVC_yQgIDqwsdh-PRihB6dc9RyT-" style="tip" icon="person-chalkboard" %}}Slides{{% /button %}} -->
+
+## Challlenges
+
+### Baseline
+
+- Fan-in: SBOM
+- Fan-out: Deployment automation
+- In the middle: Out dev team and their product
+- Questions: How do we transport this stuff
+
+TODO: Steal illustartion
+
+### Tooling
+
+- Fan-in: Standard tools (SBOM, Containers, Maven, ...)
+- Fan-out: Diverse: Human in the Loop with different tools
+- Goal: Standardize everything and shift-left Deployment/Security/Compliance-Concerns
+
+## The open component model
+
+> Open standard created by SAP
+
+- Suggests standards
+- Contains example implementations but does not enforce them
+- Constructor: Defines what our product needs to run on a cluster (e.g. HelmChart, Container, ...)
+
+## Example
+
+```mermaid
+graph LR
+    SyncAgent-->|with SBOM|PreProduct
+    UIFramework-->|with SBOM|PreProduct
+    PreProduct-->|Helm, Cointainer|Product
+    Product-->|Bundle|AirgappedEnv
+    subgraph AirgappedEnv
+        Flux
+        Kro
+    end
+```
+
+## TL;DR
+
+- We can use the constructor to create a archive that contains our product with all dependencies offline-ready
+- We can upload the offline bundle into our airgapped oci registry or directory to our platform
+- The resources and contruction bundles are defined as kubernetes CRDs and the cli can be used for upload and download (prbly among other features)
+- The deployer defines how our resoruces shall be deploey (e.g. via flux)