Explore a comprehensive guide to securing the software supply chain through SLSA (Supply-chain Levels for Software Artifacts) compliance in this 33-minute conference talk by Enguerrand Allamel from Ledger at CNCF's KubeCon event. Learn how to implement foundational security practices from build to runtime using Cloud Native Computing Foundation tools. Discover the integration of GitHub Actions for automated build processes, Cosign for keyless artifact signing, and Kyverno for runtime policy enforcement. Gain insights into managing and verifying artifact integrity with in-toto and Kubescape, providing a holistic approach to SLSA compliance in the Kubernetes ecosystem. Explore the potential of incorporating Hardware Security Modules (HSMs) to enhance key management security in signing processes, adding an extra layer of protection against attacks in the supply chain.
Securing the Supply Chain: A Practical Guide to SLSA Compliance from Build to Runtime
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Securing the Supply Chain: A Practical Guide to SLSA Compliance from Build to... Enguerrand Allamel
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Securing the Supply Chain: A Practical Guide to SLSA Compliance from Build to Runtime
-
Practical Supply Chain Security: Implementing SLSA Compliance from Build to Runtime
-
Sign, Attest, and Verify - A Practical Guide for Software Supply Chain Security
-
Securing Your Container Native Supply Chain with SLSA, GitHub and Tekton
-
SLSA - A Supply Chain Security Framework
-
SLSA: A Security Paradigm for Software Supply Chain Integrity
