Protecting Ourselves from CNCFgate - Software Supply Chain Security at CNCF - Practices, and Tools
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Intro
Why is Cloud Native Supply Chain a Problem?
Navigating Supply Chain Security in Cloud Native
Five Main Areas
Securing the Source Code: Start with the basics...
Securing the Dependencies: Scan & validate dependencies. Remember: CVEs are a trailing indicator. Look for operational hygiene
Securing the Build Pipeline: Step 1: Read the DoD DevSecOps Reference Paper
Reproducible Builds
Unresolved Challenges
Framework with common tools and templates
Get Involved
Taught by
CNCF [Cloud Native Computing Foundation]