Filling the Gaps in Kubernetes Flavored SLSA with Threat Modeling
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore a comprehensive analysis of supply chain security in Kubernetes-based CI/CD platforms through this informative conference talk. Dive into the application of SLSA (Supply chain Levels for Software Artifacts) standards to Kubernetes environments, using Tekton as a case study. Learn how to conduct threat modeling to identify and mitigate potential vulnerabilities, including those exploitable by external actors, internal actors, and privileged admins. Gain insights into mapping trust boundaries to SLSA standards and witness practical demonstrations of compliance using open-source projects like Sigstore and SPIRE. Enhance your understanding of supply chain security and acquire valuable strategies for safeguarding artifact building processes on Kubernetes.
Syllabus
Filling the Gaps in Kubernetes Flavored SLSA with Threat Modeling - Christie Wilson & Priya Wadhwa
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Introducción a SPIFFE y SPIRE - Autenticando servicios nativos de la nubeEkoparty Security Conference via YouTube Road to SLSA3 - Non-falsifiable Provenance in Tekton with SPIFFE/SPIRE
Linux Foundation via YouTube How SPIFFE Helps Istio in Service Mesh Federation
Linux Foundation via YouTube Trust No System: The Unsettling Reality of Zero Trust
CNCF [Cloud Native Computing Foundation] via YouTube Growing SPIFFE and SPIRE in 2023 and Beyond - Secure Identity Management Progress
CNCF [Cloud Native Computing Foundation] via YouTube