Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

CNCF [Cloud Native Computing Foundation]

Securing Open Source Software Supply Chain - Continuous Secure Software Ingestion

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore the challenges and solutions for securing open-source software (OSS) ingestion in enterprise environments through this 26-minute conference talk by James Holland from Citi. Learn about the limitations of package managers in security checking and the need for additional measures to ensure safe OSS usage. Discover the Continuous Secure Software Ingestion (CSSI) application, a policy-driven system built on Tekton and Open Policy Agent (OPA), designed to perform continuous secure ingestion from various sources, including Google AOS. Gain insights into the additional constraints placed on downstream enterprise Software Composition Analysis (SCA) tooling to handle the resulting data graph. Understand the importance of automated grooming of OSS artifacts and the implementation of robust security checks during the ingestion process and beyond.

Syllabus

How’s Your Supply Chain with Your Insecure OSS Ingestion? - James Holland, Citi

Taught by

CNCF [Cloud Native Computing Foundation]

Reviews

Start your review of Securing Open Source Software Supply Chain - Continuous Secure Software Ingestion

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.