Explore the intricacies of secure software supply chain metadata in this 37-minute conference talk from DockerCon 2023. Gain clarity on key concepts like SBOMs, SLSA, provenance, attestations, signatures, and VEX, and understand how they interconnect to enhance software supply chain security. Learn to create top-tier container images with signed SBOMs and provenance attestations using Docker tools that adhere to the highest supply chain standards. Discover how Docker BuildKit, Docker Scout, and GitHub Actions can be leveraged to implement these security measures. Get insights into the White House Executive Order on software supply chain security and its implications for development teams. Dive into the principles underpinning a secure software supply chain and explore various types of metadata crucial for maintaining security standards in container images.
Overview
Syllabus
Demystify Secure Software Supply Chain Metadata (DockerCon 2023)
Taught by
Docker
Related Courses
-
Building the Software Supply Chain on Docker Official Images
-
Secure Software Supply Chain for CSSLP®
-
Securing Python Projects Supply Chain
-
Secure Kubernetes Supply Chain: Lessons and Tools for Project Releases
-
Secure Your Project with the SIG Release Supply Chain Kit
-
Reproducible Builds with BuildKit for Software Supply Chain Security
