Explore techniques for enforcing supply chain security and simplifying compliance audits for ArgoCD deployments in this 20-minute conference talk by Gopinath Rebala and Bob Boule from OpsMx. Learn how to address the challenges of increasing supply chain attacks and compliance requirements by implementing end-to-end auditing and secure supply chain workflows. Discover the use of open-source tools such as Guac, Sigstore, in-toto, Elastic, and Grafana to create a comprehensive attestation system for the entire delivery process. Gain insights into the concept of Delivery Bill of Materials (DBOM) based on SBOM, and understand best practices and potential pitfalls in implementing such a system. This talk, presented at a CNCF event, offers valuable knowledge for organizations looking to enhance their GitOps-based deployment security and streamline compliance auditing processes.
Enforcing Supply Chain Security and Simplifying Compliance Audit for ArgoCD Deployments
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Enforcing Supply Chain Security and Simplifying Compliance Audit... Gopinath Rebala & Bob Boule
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
In-Toto: Attestations and Software Supply Chain Security
-
Supply Chain Security - The First Steps
-
Achieving End-to-End Software Supply Chain Security with in-toto
-
State of the Art Supply Chain Security - In-toto, TUF, and SigStore
-
Enforceable Software Supply Chain Policies and Attestations Using in-Toto
-
Software Supply Chain Security Case Study at Anaconda
