Overview
Learn about implementing robust security practices for open-source serverless platforms in this 19-minute conference talk from OpenSSF. Explore the implementation of SLSA specifications in Fission, a Kubernetes-based serverless framework, to combat software supply chain attacks. Discover practical approaches to reproducible builds, signed artifacts, and secure dependency management that protect against compromised builds and unauthorized modifications. Through code examples, examine how to integrate security practices into CI/CD pipelines, including automated security scanning, verification pipelines, and base image security. Gain insights from real-world experiences, implementation challenges, and key lessons learned while securing a globally used open-source platform.
Syllabus
How Have We Adopted Secure Software Delivery Practices for Fission OSS Serverles... - Sanket Sudake
Taught by
OpenSSF