How to Secure Your Supply Chain at Scale - Hemil Kadakia & Yonghe Zhao, Yahoo

less than 1 minute read

Abstract

In this session we will present a high-level system that protects against attacks — like unauthorized access, exploiting known vulnerabilities, injecting malicious software — by integrating open source tools such as Grafeas, Sigstore, Screwdriver, Kyverno & Anchore. In short, providing a unified solution for securing various aspects of the software supply chain. As one of the top ten visited websites on the Internet, Yahoo’s massive scale across hybrid cloud and mobile platforms makes the security of our brands paramount — especially in today’s evolving software supply chain landscape. This talk will deep dive into our primary use cases of source code scanning, security misconfiguration detection, vulnerability management, and protecting K8s deployments using dynamic policies. Attendees will leave with a framework for successfully managing the same tools Yahoo uses to simplify the developer experience.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

How to Secure Your Supply Chain at Scale - Hemil Kadakia & Yonghe Zhao, Yahoo

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google