Real-World Supply-Chain Security - Alex Leong, Buoyant

Abstract

Supply-chain security isn’t optional any more – but what does it take to actually get it working for an existing project? The Linkerd project recently had to go through exactly this exercise, which turned out to be quite a bit more involved than one might expect! We build multi-architecture images using both Rust and Go, we need fully-automated signing and attestation for all those artifacts, and we ship multiple images that all need the same treatment. What we found when we dove into doing this work was that the supply-chain ecosystem was less mature than we’d thought, and also that Linkerd’s build system wasn’t as well tailored to it as we would have liked. In this session, we’ll look at the challenges we found, the work we did to meet those challenges, and the places where there’s more yet to do – and while this is, of course, talking about the experiences of the Linkerd project, you’ll walk away with practical insights about how to manage your own supply chain security.
