Explore the critical aspects of securing the software supply chain in this 20-minute conference talk. Learn about the in-toto and SPIRE projects, and their role in addressing current gaps in open-source ecosystems. Discover how to implement a cryptographically attestable software pipeline with automated certificate issuance. Delve into topics such as Zero Trust Architecture, CICD Pipeline, and Evidence-based Trust. Gain insights into SPIRE's functionality and witness a practical demonstration. This presentation, delivered by Cole Kennedy and Mikhail Swift from BoxBoat Technologies at KubeCon + CloudNativeCon North America 2021, offers valuable knowledge for developers and end-users of CNCF-hosted projects like Kubernetes, Prometheus, and Envoy.
Securing the Software Supply Chain with the In-toto and SPIRE Projects
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Introduction
The problem at hand
Zero Trust Architecture
CICD Pipeline
Evidencebased Trust
How does it work
What is SPIRE
How SPIRE works
Demo
Taught by
CNCF [Cloud Native Computing Foundation]
