Protecting Ourselves from CNCFgate - Software Supply Chain Security at CNCF - Practices, and Tools

Explore the critical aspects of software supply chain security in cloud-native environments through this informative conference talk. Delve into the complexities of securing modern software systems with increasing dependencies and learn about industry consensus on baseline properties for a secure software supply chain. Discover why these measures may not be sufficient to protect against high-profile attacks and how to improve security practices. Gain insights from the CNCF SIG-Security Supply Chain Working Group's experience, focusing on the intricacies and challenges of maintaining a tightly-secured software supply chain. Learn about five main areas of concern, including securing source code, dependencies, and build pipelines. Understand the importance of reproducible builds and explore unresolved challenges in the field. Get guidance on navigating supply chain security in cloud-native environments and discover how to get involved in improving industry-wide security practices.