Filling the Gaps in Kubernetes Flavored SLSA with Threat Modeling

Explore a comprehensive analysis of supply chain security in Kubernetes-based CI/CD platforms through this informative conference talk. Dive into the application of SLSA (Supply chain Levels for Software Artifacts) standards to Kubernetes environments, using Tekton as a case study. Learn how to conduct threat modeling to identify and mitigate potential vulnerabilities, including those exploitable by external actors, internal actors, and privileged admins. Gain insights into mapping trust boundaries to SLSA standards and witness practical demonstrations of compliance using open-source projects like Sigstore and SPIRE. Enhance your understanding of supply chain security and acquire valuable strategies for safeguarding artifact building processes on Kubernetes.

Filling the Gaps in Kubernetes Flavored SLSA with Threat Modeling - Christie Wilson & Priya Wadhwa