Secure Kubernetes Supply Chain: Lessons and Tools for Project Releases
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Explore the evolution of security features in Kubernetes releases and their impact on the software supply chain in this 34-minute conference talk. Discover how SIG Release has improved the Kubernetes release process since version 1.22, creating tools and processes that benefit the entire ecosystem. Learn about three key technologies: SBOMs for describing sources, artifacts, and dependencies; provenance attestations for SLSA compliance; and the implementation of digital signatures. Gain valuable insights into lessons learned and practical tools you can apply to secure your own project releases, enhancing trust and reliability in the software supply chain.
Syllabus
Make the Secure Kubernetes Supply Chain Work for You - Adolfo García Veytia, Chainguard
Taught by
CNCF [Cloud Native Computing Foundation]