Putting the Supply Chain Pieces together: A Deep Dive into the Secure software Factory - Michael Lieberman, Citi

less than 1 minute read

Abstract

In this deep dive on supply chain security Michael Lieberman will go into a deep dive on an implementation of the CNCF’s Secure Software Factory reference architecture. The talk will discuss the holistic nature of the supply chain security problem space and how the reference architecture highlights the software provenance gap that many projects and organizations trying to improve their security posture have. Michael will show how cloud native tools, configured and implemented in the right ways, can help in providing reliable provenance while increasing the trustworthiness of the artifacts you build. A system built on top of tools like Kyverno, Tekton, Chains, Spire and Sigstore will be shown how they can be tied together to build software that hits high SLSA levels.Click here to view captioning/translation in the MeetingPlay platform!

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Putting the Supply Chain Pieces together: A Deep Dive into the Secure software Factory - Michael Lieberman, Citi

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google