Discover how to enhance your project's supply chain security using the SIG Release Supply Chain Kit in this informative conference talk. Learn about the tools developed by the Kubernetes SIG Release team over the past two years, now available for any project to utilize. Explore features such as Software Bill of Materials, signed SLSA provenance attestations, signed container images and artifacts, and secure GitHub release pages. Gain insights into how these tools are currently employed across various Cloud Native projects, including Knative, Istio, Cilium, CRI-O, and Vitess. Follow along with simple examples demonstrating how to implement better supply chain security measures in your own project using reusable GitHub actions. Conclude with an invitation to join the Kubernetes Release Engineering team for those passionate about CI/CD and software supply chain security.
Secure Your Project with the SIG Release Supply Chain Kit
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Secure Your Project with the SIG Release Supply Chain Kit - Adolfo García Veytia & Carlos Panato
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Secure Kubernetes Supply Chain: Lessons and Tools for Project Releases
-
How SIG Release Cooks Trustworthy Artifacts From Raw Source Code - Kubernetes Build Process
-
Releasing Kubernetes Less Often and More Securely - SIG Release Update
-
Demystify Secure Software Supply Chain Metadata
-
Open Tools for Secure Supply Chains in Kubernetes - From Release Engineering
-
Securing Python Projects Supply Chain
