Protecting Ourselves from CNCFgate - Software Supply Chain Security at CNCF - Practices, and Tools

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore the critical aspects of software supply chain security in cloud-native environments through this informative conference talk. Delve into the complexities of securing modern software systems with increasing dependencies and learn about industry consensus on baseline properties for a secure software supply chain. Discover why these measures may not be sufficient to protect against high-profile attacks and how to improve security practices. Gain insights from the CNCF SIG-Security Supply Chain Working Group's experience, focusing on the intricacies and challenges of maintaining a tightly-secured software supply chain. Learn about five main areas of concern, including securing source code, dependencies, and build pipelines. Understand the importance of reproducible builds and explore unresolved challenges in the field. Get guidance on navigating supply chain security in cloud-native environments and discover how to get involved in improving industry-wide security practices.

Syllabus

Intro
Why is Cloud Native Supply Chain a Problem?
Navigating Supply Chain Security in Cloud Native
Five Main Areas
Securing the Source Code: Start with the basics...
Securing the Dependencies: Scan & validate dependencies; remember, CVEs are a trailing indicator! Look for operational hygiene
Securing the Build Pipeline: Step 1, read the DoD DevSecOps Reference Paper
Reproducible Builds
Unresolved Challenges
Framework with common tools and templates
Get Involved

Taught by

CNCF [Cloud Native Computing Foundation]
