YoVDO

Building the Software Supply Chain on Docker Official Images

Offered By: Docker via YouTube

Tags

Docker Courses, Software Supply Chain Security Courses, Software Bill of Materials Courses, The Update Framework Courses

Course Description

Overview

Explore Docker's approach to securing the software supply chain in this 33-minute DockerCon 2023 talk. Discover how Docker is modernizing its toolchain to provide security by default, including software bill of materials (SBOMs), provenance, cryptographic signing, and verification. Learn about the application of these principles to Docker Official Images (DOI), a significant component in most teams' software supply chains. Gain insights into how Docker and BastionZero leverage open standards like The Update Framework (TUF) and Supply-Chain Levels for Software Artifacts (SLSA), along with a novel decentralized signing approach using modern cryptographic methods. Understand how these innovations are being incorporated into open-source projects like BuildKit and the Docker CLI to enhance software supply chain metadata and verification.

Syllabus

Building the Software Supply Chain on Docker Official Images (DockerCon 2023)


Taught by

Docker

Related Courses

Target Rich Cyber Poor
BSidesLV via YouTube
The A's, B's, and Four C's of Testing Cloud-Native Applications
LASCON via YouTube
SBOM Challenges and How to Fix Them
BSidesLV via YouTube
The Case for Software Bill of Materials
BSidesLV via YouTube
Collaborating to Improve Open Source Security - How the Ecosystem Is Stepping Up
RSA Conference via YouTube