Explore the evolution of security features in Kubernetes releases and their impact on the software supply chain in this 34-minute conference talk. Discover how SIG Release has improved the Kubernetes release process since version 1.22, creating tools and processes that benefit the entire ecosystem. Learn about three key technologies: SBOMs for describing sources, artifacts, and dependencies; provenance attestations for SLSA compliance; and digital signatures implementation. Gain valuable insights into lessons learned and practical tools you can apply to secure your own project releases, enhancing trust and reliability in the software supply chain.
Secure Kubernetes Supply Chain: Lessons and Tools for Project Releases
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Make the Secure Kubernetes Supply Chain Work for You - Adolfo GarcÃa Veytia, Chainguard
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Secure Your Project with the SIG Release Supply Chain Kit
-
Developer Security Champion: Supply Chain Security
-
Secure Software Supply Chain for CSSLP®
-
Open Tools for Secure Supply Chains in Kubernetes - From Release Engineering
-
Securing Python Projects Supply Chain
-
Demystify Secure Software Supply Chain Metadata
