Explore how to balance developer freedom with security requirements in this 18-minute conference talk by Andrew McNamara from Red Hat. Learn about creating flexible and adaptive pipelines that accommodate both proof-of-concept and production-quality code without compromising security. Discover how combining Tekton, Tekton Chains, and Enterprise Contract within a production CI environment can build a secure, flexible framework for software development. Understand the benefits of using SLSA provenance and policy enforcement to create risk-based policies that prevent unacceptable software from entering systems while allowing developers to innovate. Find out how to use the same pipeline for both development and production environments by implementing appropriate policies for each scenario.
Overview
Syllabus
Let Devs Be Devs Without Sacrificing Security - Andrew McNamara, Red Hat
Taught by
OpenSSF
Related Courses
-
DevOps Foundations: Security and DevSecOps
-
Enforcing Organization Policies with Enterprise Contract
-
Road to SLSA3 - Non-falsifiable Provenance in Tekton with SPIFFE/SPIRE
-
Putting the Supply Chain Pieces Together: A Deep Dive into the Secure Software Factory
-
Achieving End-to-End Software Supply Chain Security with in-toto
-
In-Toto: Attestations and Software Supply Chain Security
