Explore a 26-minute conference talk from DockerCon 2023 focusing on supply chain security in enterprise environments. Dive into the challenges posed by the extensive use of open source software, where even small systems can have thousands of dependencies, and large enterprises track millions of components. Discover how Lockheed Martin is leveraging open source solutions like the Sigstore product suite and TestifySec's Archivista to enhance software supply chain transparency and accountability. Learn about programmatic evidence generation for software builds, including dependency provenance. Gain insights from Patrick Kwiatkowski, a Software Engineer at Lockheed Martin, on implementing open source solutions to address supply chain security challenges in large-scale enterprise settings.
Overview
Syllabus
Supply Chain Security in the Enterprise (DockerCon 2023)
Taught by
Docker
Related Courses
-
Enterprise Security Leadership: Understanding Supply Chain Security
-
Developer Security Champion: Supply Chain Security
-
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
-
Supply Chain Risk Management with OWASP Dependency-Check
-
Hardening Your Soft Software Supply Chain
-
Kubernetes Security: Implementing Supply Chain Security
