Explore a comprehensive analysis of supply chain security in Kubernetes-based CI/CD platforms through this informative conference talk. Dive into the application of SLSA (Supply chain Levels for Software Artifacts) standards to Kubernetes environments, using Tekton as a case study. Learn how to conduct threat modeling to identify and mitigate potential vulnerabilities, including those exploitable by external actors, internal actors, and privileged admins. Gain insights into mapping trust boundaries to SLSA standards and witness practical demonstrations of compliance using open-source projects like Sigstore and SPIRE. Enhance your understanding of supply chain security and acquire valuable strategies for safeguarding artifact building processes on Kubernetes.
Filling the Gaps in Kubernetes Flavored SLSA with Threat Modeling
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Filling the Gaps in Kubernetes Flavored SLSA with Threat Modeling - Christie Wilson & Priya Wadhwa
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Securing Your Container Native Supply Chain with SLSA, GitHub and Tekton
-
Cloud Native Supply Chain Security with Tekton and Sigstore
-
The Chain of Trust - Towards SLSA L3 with Tekton Trusted Artifacts
-
SLSA FRSCA Recipe for Secure Supply Chain
-
Road to SLSA3 - Non-falsifiable Provenance in Tekton with SPIFFE/SPIRE
-
Putting the Supply Chain Pieces Together: A Deep Dive into the Secure Software Factory
