Explore a lightning talk demonstrating the integration of OpenSSF projects within a build pipeline to create trusted container artifacts. Learn how to utilize cosign, SBOMs, and SLSA to enhance security and trust in your deployment process. Discover the implementation of kpack for building container images on a Kubernetes cluster, and see how to integrate cosign for generating signed images. Understand the role of Cloud Native Buildpacks in generating SBOMs during the build activity. Examine the benefits of isolating build infrastructure on a Kubernetes cluster to achieve a hermetic and parameterless build process, and learn how to score it against appropriate SLSA levels.
Better Build Pipelines with OpenSSF Projects - Enhancing Trust and Security
Overview
Syllabus
In Honk We Trust: Better Build Pipelines - Ram Iyengar, Cloud Foundry Foundation
Taught by
OpenSSF
