Explore a comprehensive conference talk on open tools for secure supply chains in Kubernetes. Dive into the Kubernetes Release Engineering Team's efforts to achieve SLSA Level 3 compliance, resulting in a suite of open-source projects for supply chain security. Learn about building and publishing SBOMs, securely releasing staged images and artifacts, signing and verifying container images using Sigstore, and generating SLSA attestations. Discover how these tools can be applied beyond Kubernetes to other projects and companies. Witness a demo of a SLSA-compliant pipeline using Kubernetes Release Engineering tools, applicable to any project's release process. Gain insights into challenges of release, supply chain security, visibility enhancement, machine-readable manifests, and an overview of Salsa, Bomb, and Tecolote tools.
Open Tools for Secure Supply Chains in Kubernetes - From Release Engineering
Overview
Syllabus
Intro
Challenges of release
Supply chain security
Gain visibility into the supply chain
Machine readable manifest
Salsa overview
Bomb
Tecolote
Demo
Outro
Taught by
Linux Foundation
Tags
Related Courses
-
Kubernetes Security: Implementing Supply Chain Security
-
Secure Your Project with the SIG Release Supply Chain Kit
-
Secure Kubernetes Supply Chain: Lessons and Tools for Project Releases
-
Building Images for the Secure Supply Chain
-
Securing Kubernetes Manifests with Sigstore Cosign - Options and Best Practices
-
Releasing Kubernetes Less Often and More Securely - SIG Release Update
