Explore the implementation of non-falsifiable provenance in Tekton using SPIFFE/SPIRE in this 38-minute conference talk presented by Parth Patel from IBM and Brandon Lum from Google. Delve into the journey towards achieving Supply Chain Levels for Software Artifacts (SLSA) Level 3 compliance, focusing on enhancing software supply chain security. Learn about the integration of SPIFFE (Secure Production Identity Framework for Everyone) and SPIRE (SPIFFE Runtime Environment) within the Tekton CI/CD framework to establish robust, tamper-resistant provenance for software artifacts. Gain insights into the challenges, solutions, and best practices for implementing these security measures in modern software development pipelines.
Road to SLSA3 - Non-falsifiable Provenance in Tekton with SPIFFE/SPIRE
Overview
Syllabus
Road to SLSA3: Non-falsifiable Provenance in Tekton with SPIFFE/SPIRE - Parth Patel & Brandon Lum
Taught by
Linux Foundation
Tags
Related Courses
-
SLSA FRSCA Recipe for Secure Supply Chain
-
The Chain of Trust - Towards SLSA L3 with Tekton Trusted Artifacts
-
Filling the Gaps in Kubernetes Flavored SLSA with Threat Modeling
-
Zero Trust Supply Chains with Project Sigstore and SPIFFE
-
Analyzing Google's SLSA Framework for Securing Software Supply Chains
-
Cloud Native Supply Chain Security with Tekton and Sigstore
