Explore the critical topic of securing Infrastructure as Code (IaC) supply chains in this informative conference talk. Delve into the application of software supply chain security principles to modern IaC pipelines, as presented by Jesse Sanford from Autodesk and Jason Hall from Chainguard. Learn about the potential threats to IaC ecosystems and how DevSecOps practitioners can leverage patterns and practices from projects like SLSA. Discover the design changes to the Crossplane package management system and its integration with Sigstore, enabling IaC provenance and attestations. Witness a demonstration of "admission control" for IaC, providing inspiration for further advancements in Secure IaC Supply Chains. Gain valuable insights into protecting your infrastructure orchestration and staying ahead of potential supply chain attacks in the rapidly evolving landscape of cloud-native technologies.
Overview
Syllabus
Securing the IaC Supply Chain - Jesse Sanford, Autodesk & Jason Hall, Chainguard
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Securing Your Infrastructure as Code Pipeline
-
Securing Your Container Native Supply Chain with SLSA, GitHub and Tekton
-
SLSA FRSCA Recipe for Secure Supply Chain
-
Secure Kubernetes Supply Chain: Lessons and Tools for Project Releases
-
In-Toto: Attestations and Software Supply Chain Security
-
Open Tools for Secure Supply Chains in Kubernetes - From Release Engineering
