Explore perspectives on cloud native supply chain security beyond Software Bills of Materials (SBOMs) in this 35-minute conference talk from the Cloud Native Computing Foundation (CNCF). Gain insights from a panel of open source maintainers as they demystify the complex landscape of software supply chain security in the cloud native ecosystem. Learn about straightforward approaches and simple security hygiene practices that can significantly improve your security posture. Discover how existing tools and projects within the CNCF, such as TUF, in-toto, and witness, as well as initiatives from sibling organizations like OpenSSF's SLSA and GUAC, can address current supply chain security challenges. Understand the relationships between various security concepts, including SBOMs, SLSA, VEX, and CVEs, and how they fit into the broader picture of cloud native security. Get a glimpse into the future of supply chain security and leave with practical knowledge to navigate the rapidly evolving cloud native landscape more confidently.
Cloud Native Supply Chain Security: Beyond SBOMs - Perspectives and Practices
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
It's Not Just About SBOMs: Perspectives on Cloud Native Supply Chain Security
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
SBOMs, VEX, and Kubernetes - Software Supply Chain Security in Cloud Native Environments
-
GUAC Verification for Software Supply Chain Security
-
Navigating the Software Supply Chain Defense Landscape
-
In-Toto: Attestations and Software Supply Chain Security
-
In-Toto: Protecting Software Supply Chain in Cloud Native and Confidential Containers
-
Securing Your Container Native Supply Chain with SLSA, GitHub and Tekton
