Overview
Explore the implementation of non-falsifiable provenance in Tekton using SPIFFE/SPIRE in this 38-minute conference talk presented by Parth Patel from IBM and Brandon Lum from Google. Delve into the journey towards achieving Supply Chain Levels for Software Artifacts (SLSA) Level 3 compliance, focusing on enhancing software supply chain security. Learn about the integration of SPIFFE (Secure Production Identity Framework for Everyone) and SPIRE (SPIFFE Runtime Environment) within the Tekton CI/CD framework to establish robust, tamper-resistant provenance for software artifacts. Gain insights into the challenges, solutions, and best practices for implementing these security measures in modern software development pipelines.
Syllabus
Road to SLSA3: Non-falsifiable Provenance in Tekton with SPIFFE/SPIRE - Parth Patel & Brandon Lum
Taught by
Linux Foundation