Mind the Gap: Bridging Supply Chain Policy With Git-less GitOps and GUAC - Michael Lieberman, Kusari & Andrew Martin, ControlPlane

less than 1 minute read

Abstract

In a live supply chain attack demo, we demonstrate the latest security features of Flux CD and OpenSSF GUAC together in a hardened, wide-scale production scenario. When the next XZ or log4shell vulnerability lands, see how to assess, respond, and prevent proliferation before or after an attacker gets a foothold in your systems. See how to defend against an assault on your dependency tree, prevent hostile insiders from escalating their privilege, and lock down your production environment to harden it against future threats. We: Use OCI-first Flux CD to remove network routes to Git servers from production GUAC to manage dependency inventory and bring signal to the noise of CVE updates Timoni to reliably patch, customise, and verify deployments before release Flux Autopilot to roll out multi-tenancy lockdown, horizontal and vertical scaling, and persistent storage across fleets of clusters

Sched URL

Video

Share on

X Facebook LinkedIn Bluesky

About

Conferences

Mind the Gap: Bridging Supply Chain Policy With Git-less GitOps and GUAC - Michael Lieberman, Kusari & Andrew Martin, ControlPlane

Abstract

Video

Share on

You May Also Enjoy

Zero Trust at Shopify Scale: Automating MTLS Across Thousands of Services - Dani Santos & Michelle Mali, Shopify

Why Don’t We Have Both? Track Build- and Run-time Information for Security With Kubescape and GUAC - Jeff Mendoza, Kusari & Ben Hirschberg, ARMO

From Chaos To Control: Migrating Access Control To OpenFGA in a Multi-Tenant World - Jo Guerreiro, Grafana Labs & Poovamraj Thanganadar Thiagarajan, Okta

Fresh Secrets From the Docks: Lessons Learnt From Analyzing 180,000 Public DockerHub Images - Guillaume Valadon, GitGuardian