Overview
Explore comprehensive strategies for securing the software supply chain in Java applications through this informative conference talk. Delve into critical aspects of supply chain security, including Git commit integrity, dependency visibility, vulnerability scanning, and production artifact verification. Learn practical techniques, patterns, and technologies for secure dependency management, source code protection, safe build processes, and effective patching strategies. Discover Kubernetes-native approaches to supply chain security and witness live demonstrations of cutting-edge practices based on the SLSA framework and CNCF WG Security research. Gain hands-on insights into utilizing open-source tools such as Gradle, Sigstore, Cloud Native Buildpacks, Trivy, Syft, and Kyverno to enhance the security of your Java applications throughout the entire development lifecycle.
Syllabus
Securing the Supply Chain for Your Java Applications by Thomas Vitale
Taught by
Devoxx