Open Tools for Secure Supply Chains in Kubernetes - From Release Engineering
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore a conference talk on open tools for secure supply chains in Kubernetes. Dive into the Kubernetes Release Engineering Team's work toward SLSA Level 3 compliance, which produced a suite of open-source supply chain security projects. Learn about building and publishing SBOMs, securely releasing staged images and artifacts, signing and verifying container images with Sigstore, and generating SLSA attestations. Discover how these tools apply beyond Kubernetes to other projects and companies. Watch a demo of a SLSA-compliant pipeline built from Kubernetes Release Engineering tools that can be applied to any project's release process. Gain insights into the challenges of releasing software, supply chain security, gaining visibility into the supply chain, machine-readable manifests, and an overview of SLSA and the bom and tejolote tools.
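The attestation flow the overview lists (generating a SLSA attestation for a release artifact, then verifying it before use) is easiest to see end to end in code. The Go program below is an added example written for this page; it is not code from the talk, from tejolote or from cosign. It builds a trimmed in-toto Statement carrying a SLSA v1 provenance predicate for a constructed artifact, wraps it in a DSSE envelope and signs the DSSE pre-authentication encoding with an Ed25519 key (an assumption standing in for Sigstore keyless signing), then runs the checks a consumer has to make: a signature valid under a trusted key, a subject digest equal to the bytes actually downloaded, and a builder identity on an allowlist. The builder ID https://example.invalid/builder and the artifact bytes are made up for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Statement is a trimmed in-toto Statement: Subject binds it to artifacts by digest, and the
// SLSA v1 predicate is kept as nested maps so runDetails.builder.id (the field a policy pins) is reachable.
type Statement struct {
	Type          string                                  `json:"_type"`
	Subject       []Subject                               `json:"subject"`
	PredicateType string                                  `json:"predicateType"`
	Predicate     map[string]map[string]map[string]string `json:"predicate"`
}

type Subject struct {
	Name   string            `json:"name"`
	Digest map[string]string `json:"digest"`
}

// Envelope is the DSSE envelope attestations are shipped in.
type Envelope struct {
	PayloadType string              `json:"payloadType"`
	Payload     string              `json:"payload"`    // base64(statement JSON)
	Signatures  []map[string]string `json:"signatures"` // each holds a base64 "sig"
}

// pae is the DSSE pre-authentication encoding: the signature covers the
// payload type as well as the payload, so neither can be swapped alone.
func pae(ptype string, payload []byte) []byte {
	hdr := fmt.Sprintf("DSSEv1 %d %s %d ", len(ptype), ptype, len(payload))
	return append([]byte(hdr), payload...)
}

// NewStatement builds a SLSA v1 provenance statement for one artifact.
func NewStatement(name string, artifact []byte, builderID string) Statement {
	sum := sha256.Sum256(artifact)
	return Statement{
		Type:          "https://in-toto.io/Statement/v1",
		Subject:       []Subject{{Name: name, Digest: map[string]string{"sha256": hex.EncodeToString(sum[:])}}},
		PredicateType: "https://slsa.dev/provenance/v1",
		Predicate:     map[string]map[string]map[string]string{"runDetails": {"builder": {"id": builderID}}},
	}
}

// Sign wraps a statement in a DSSE envelope signed with an Ed25519 key (stand-in for Sigstore).
func Sign(priv ed25519.PrivateKey, stmt Statement) Envelope {
	body, _ := json.Marshal(stmt) // plain struct and maps, cannot fail
	sig := ed25519.Sign(priv, pae("application/vnd.in-toto+json", body))
	return Envelope{PayloadType: "application/vnd.in-toto+json", Payload: base64.StdEncoding.EncodeToString(body),
		Signatures: []map[string]string{{"sig": base64.StdEncoding.EncodeToString(sig)}}}
}

// Verify is the consumer-side check: a signature valid under the trusted key, a subject digest
// equal to the artifact actually fetched, and a builder on the allowlist. Any failure rejects it.
func Verify(pub ed25519.PublicKey, env Envelope, artifact []byte, trusted map[string]bool) (string, error) {
	body, err := base64.StdEncoding.DecodeString(env.Payload)
	if err != nil {
		return "", err
	}
	signed := false
	for _, s := range env.Signatures {
		raw, err := base64.StdEncoding.DecodeString(s["sig"])
		signed = signed || (err == nil && ed25519.Verify(pub, pae(env.PayloadType, body), raw))
	}
	if !signed {
		return "", fmt.Errorf("no signature verifies under the trusted key")
	}
	var stmt Statement
	if err := json.Unmarshal(body, &stmt); err != nil {
		return "", err
	}
	if env.PayloadType != "application/vnd.in-toto+json" || stmt.Type != "https://in-toto.io/Statement/v1" || stmt.PredicateType != "https://slsa.dev/provenance/v1" {
		return "", fmt.Errorf("not an in-toto SLSA v1 provenance attestation")
	}
	sum, matched := sha256.Sum256(artifact), false
	for _, s := range stmt.Subject {
		matched = matched || s.Digest["sha256"] == hex.EncodeToString(sum[:])
	}
	if !matched {
		return "", fmt.Errorf("artifact digest is not a subject of the attestation")
	}
	builder := stmt.Predicate["runDetails"]["builder"]["id"] // reads from nil maps yield ""
	if !trusted[builder] {
		return "", fmt.Errorf("untrusted builder %q", builder)
	}
	return builder, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	artifact := []byte("constructed release tarball bytes, not a real artifact")
	env := Sign(priv, NewStatement("example.tar.gz", artifact, "https://example.invalid/builder"))
	fmt.Println(Verify(pub, env, artifact, map[string]bool{"https://example.invalid/builder": true}))
}
```

Run it with go run; for the genuine artifact it prints the accepted builder ID and a nil error. Verify rejects a tampered artifact (digest mismatch), a builder not on the allowlist, an envelope signed by a different key, and an envelope whose payloadType was swapped after signing, because the PAE binds the type into the signed bytes. With cosign, the Ed25519 key check is replaced by the certificate identity and transparency-log verification cosign performs; the subject-digest and builder-ID checks remain the consumer's own policy.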
Syllabus
Intro
Challenges of release
Supply chain security
Gain visibility into the supply chain
Machine readable manifest
SLSA overview
bom
tejolote
Demo
Outro
Taught by
Linux Foundation
Related Courses
Ketchup, Mustard, and Relish of Software Supply Chain Security - Panel Discussion (Linux Foundation via YouTube)
SLSA in Action: Securing the Software Supply Chain (Linux Foundation via YouTube)
Securing Your Supply Chain by Building with FRSCA (Linux Foundation via YouTube)
Google SLSA and NIST SSDF - Emerging Software Supply Chain Security Best Practices (Linux Foundation via YouTube)
Road to SLSA3 - Non-falsifiable Provenance in Tekton with SPIFFE/SPIRE (Linux Foundation via YouTube)