Getting Started with Supply Chain Security is Easier Than You Think - Perspectives From a Highly Regulated Industry

Discover how to initiate supply chain security measures in highly regulated industries like banking through this 20-minute conference talk from KubeCon + CloudNativeCon Europe 2022. Learn about the growing importance of securing the software supply chain in light of increasing attacks and complex technological environments. Explore practical steps to begin your supply chain security journey, including understanding current technologies, establishing source code provenance, and improving audit and response capabilities for vulnerabilities. Gain insights into tools like SBOM, verification processes, metadata management, and admission controllers. Follow the journey from building and protecting images to validating and running them in production, with a focus on Docker pull and validation techniques. Acquire valuable knowledge to enhance your organization's security posture and protect against supply chain threats.

Intro
Why Supply Chain Security
Why Do We Care
Getting Started
Tools
Sbomb
Verification
Metadata
Admission Controller
What Happened
Building the Image
Protecting Production
Docker Pull
Validation
Running in Production
Wrapping Up
Production