Explore the intricate process of transforming Kubernetes source code into trustworthy artifacts in this informative conference talk. Gain insights into the workings of the Kubernetes Special Interest Group (SIG) Release, their recent achievements, and updated roadmap. Discover the ongoing efforts towards full SLSA (Supply-chain Levels for Software Artifacts) compliance and the move to community-controlled infrastructure for build processes and distribution. Learn about the expansion of artifact signing beyond containers and how to get involved in SIG Release. Understand the importance of these initiatives and the various ways to contribute, including SIG Release tooling, the Release Manager role, and the contributor ladder.
How SIG Release Cooks Trustworthy Artifacts From Raw Source Code - Kubernetes Build Process
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
How SIG Release Cooks Trustworthy... - Carlos Panato & Adolfo Veytia, Jeremy Rickard, Sascha Grunert
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Secure Your Project with the SIG Release Supply Chain Kit
-
Releasing Kubernetes Less Often and More Securely - SIG Release Update
-
Open Tools for Secure Supply Chains in Kubernetes - From Release Engineering
-
Secure Kubernetes Supply Chain: Lessons and Tools for Project Releases
-
Hardening the Kubernetes Software Supply Chain Through Better Transparency
-
A Practical Guide to SIG Release Tooling for Kubernetes Subprojects
