Hardening the Kubernetes Software Supply Chain Through Better Transparency
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the latest advancements in hardening the Kubernetes software supply chain through enhanced transparency in this informative conference talk. Delve into the three main areas of focus for SIG Release efforts following the refactoring of the Kubernetes release process. Learn about the inclusion of SPDX Bill of Materials in Kubernetes releases since v1.22, automatic verification of release artifact integrity and consistency, and digital signing of released artifacts with signature verification of upstream images. Gain insights into the tools created by SIG Release that can be leveraged by the community in other projects. Discover how these efforts contribute to deploying cloud native environments securely in increasingly complex software supply chains.
Syllabus
Introduction
Past Years: Foundations a New Release Process
Ownership of the Container Image Promoter
Current Efforts for 2021 and Beyond
SLSA Compliance
People+Code (We need to talk)
Closing Remarks
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Hardening Your Soft Software Supply ChainPluralsight DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
Pluralsight Securing Your Software Supply Chain with Sigstore
Linux Foundation via edX GitHub Supply Chain Security Using GitGat
Linux Foundation via edX Kyverno - Deep Dive - Tech Talks
Mirantis via YouTube