Securing Your Container Native Supply Chain with SLSA, Github and Tekton - Laurent Simon, Google & Priya Wadhwa, Chainguard
Abstract
Supply chain security has been a huge topic of discussion in recent months, and protecting your supply chain has become more important than ever. In this talk, Laurent Simon and Priya Wadhwa will discuss how to practically apply the principles of SLSA to secure your container native build system. They’ll start by covering how to use the in-toto project to create and verify source code attestations. They’ll also do a step-by-step demo of achieving SLSA Level 2 in common build systems like Tekton and Github Actions. If you’ve been wanting to secure your supply chain, but haven’t known where to start, then this talk is for you! Priya has given a related talk at SupplyChainSecurityCon on integrating Sigstore with Tekton. That talk focused on the theoretical integration, and this talk will practically show users how to secure an existing Tekton instance. This talk will also cover other build systems (e.g. Github Actions) which users may be using as part of their cloud native deployments.Click here to view captioning/translation in the MeetingPlay platform!