Overview
Explore a comprehensive system for securing software supply chains at scale in this conference talk from Yahoo experts. Learn how to integrate open-source tools like Grafeas, Sigstore, Screwdriver, Kyverno, and Anchore to protect against unauthorized access, known vulnerabilities, and malicious software injection. Discover Yahoo's unified solution for securing various aspects of the software supply chain, designed to meet the demands of one of the internet's top ten most visited websites. Dive deep into primary use cases including source code scanning, security misconfiguration detection, vulnerability management, and protecting Kubernetes deployments using dynamic policies. Gain insights into simplifying the developer experience while maintaining robust security measures across hybrid cloud and mobile platforms. Walk away with a practical framework for implementing the same tools and strategies used by Yahoo to secure their massive-scale operations in today's evolving software supply chain landscape.
Syllabus
How to Secure Your Supply Chain at Scale - Hemil Kadakia & Yonghe Zhao, Yahoo
Taught by
CNCF [Cloud Native Computing Foundation]