Explore a conference talk that delves into enhancing observability for container builds in application supply chains. Learn about the critical importance of security and trust in the Continuous Integration (CI) pipeline, focusing on the typically opaque container build process. Discover how an open framework using Tetragon can provide out-of-band runtime visibility and automated attestation for Tekton-based CI pipelines. Gain insights into the multi-stage container build process, including source code cloning, dependency resolution, application compilation, and artifact publishing. Understand the significance of establishing provenance and integrity assurance for every action in the pipeline to ensure trust in the final built artifact. Examine the limitations of existing tools like Tekton Chains and learn how to address the gap in lower-level syscall visibility during the build process.