Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

CNCF [Cloud Native Computing Foundation]

Hardening the Kubernetes Software Supply Chain Through Better Transparency

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore the latest advancements in hardening the Kubernetes software supply chain through enhanced transparency in this informative conference talk. Delve into the three main areas of focus for SIG Release efforts following the refactoring of the Kubernetes release process. Learn about the inclusion of SPDX Bill of Materials in Kubernetes releases since v1.22, automatic verification of release artifact integrity and consistency, and digital signing of released artifacts with signature verification of upstream images. Gain insights into the tools created by SIG Release that can be leveraged by the community in other projects. Discover how these efforts contribute to deploying cloud native environments securely in increasingly complex software supply chains.

Syllabus

Introduction
Past Years: Foundations a New Release Process
Ownership of the Container Image Promoter
Current Efforts for 2021 and Beyond
SLSA Compliance
People+Code (We need to talk)
Closing Remarks

Taught by

CNCF [Cloud Native Computing Foundation]

Reviews

Start your review of Hardening the Kubernetes Software Supply Chain Through Better Transparency

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.