Mind the Gap: Bridging Supply Chain Policy With Git-less GitOps and GUAC - Michael Lieberman, Kusari & Andrew Martin, ControlPlane

Abstract

In a live supply chain attack demo, we demonstrate the latest security features of Flux CD and OpenSSF GUAC together in a hardened, wide-scale production scenario. When the next xz or Log4Shell vulnerability lands, see how to assess, respond, and prevent proliferation before or after an attacker gets a foothold in your systems. See how to defend against an assault on your dependency tree, prevent hostile insiders from escalating their privileges, and lock down your production environment to harden it against future threats. We:

- Use OCI-first Flux CD to remove network routes to Git servers from production
- Use GUAC to manage dependency inventory and bring signal to the noise of CVE updates
- Use Timoni to reliably patch, customise, and verify deployments before release
- Use Flux Autopilot to roll out multi-tenancy lockdown, horizontal and vertical scaling, and persistent storage across fleets of clusters
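The "OCI-first" point above, shown as an added configuration example (written for this page, not taken from the talk or from the Flux project's documentation): production clusters pull manifests from a signed OCI artifact rather than cloning a Git repository, Flux refuses artifacts whose cosign signature does not verify, and a NetworkPolicy removes the source-controller's ability to reach anything but DNS and the registry. The registry URL, tag, namespace, secret name, registry CIDR and the `app: source-controller` pod label are assumptions for illustration.

```yaml
# Added example: OCI-first Flux with signature verification and egress lockdown.
# Not the talk's own code; names and addresses below are placeholders.
apiVersion: source.toolkit.fluxcd.io/v1beta2   # served as v1 on recent Flux releases
kind: OCIRepository
metadata:
  name: app-manifests
  namespace: flux-system
spec:
  interval: 10m
  url: oci://ghcr.io/example-org/app-manifests   # assumed registry path
  ref:
    tag: v1.4.2            # pin an immutable tag, or use `digest: sha256:...` instead
  verify:
    provider: cosign       # reconciliation fails if the artifact is unsigned or tampered
    secretRef:
      name: cosign-pub     # Secret containing cosign.pub; omit secretRef for keyless verification
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: app
  namespace: flux-system
spec:
  interval: 10m
  sourceRef:
    kind: OCIRepository    # no GitRepository object exists in production at all
    name: app-manifests
  path: ./
  prune: true
  targetNamespace: app-prod
---
# Egress allow-list for Flux's source-controller: DNS plus the registry only.
# Git hosts are simply unreachable from production, whatever the manifests say.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: source-controller-egress
  namespace: flux-system
spec:
  podSelector:
    matchLabels:
      app: source-controller
  policyTypes:
    - Egress
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    - to:
        - ipBlock:
            cidr: 203.0.113.0/24   # assumed registry address range; use your registry's real egress IPs
      ports:
        - protocol: TCP
          port: 443
```

Apply with `kubectl apply -f` and watch `flux get sources oci` and `flux get kustomizations`: an artifact pushed without a valid signature shows the OCIRepository as not ready with a verification error, and nothing is applied. Because NetworkPolicy matches on IP rather than hostname, the registry CIDR must be kept current if the registry's addresses change; a stale range fails closed, which is the safer direction.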
