YoVDO

Hardening the Kubernetes Software Supply Chain Through Better Transparency

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Conference Talks Courses, Kubernetes Security Courses, Software Supply Chain Security Courses

Course Description

Overview

Explore the latest advancements in hardening the Kubernetes software supply chain through enhanced transparency in this informative conference talk. Delve into the three main areas of focus for SIG Release efforts following the refactoring of the Kubernetes release process. Learn about the inclusion of SPDX Bill of Materials in Kubernetes releases since v1.22, automatic verification of release artifact integrity and consistency, and digital signing of released artifacts with signature verification of upstream images. Gain insights into the tools created by SIG Release that can be leveraged by the community in other projects. Discover how these efforts contribute to deploying cloud native environments securely in increasingly complex software supply chains.

Syllabus

Introduction
Past Years: Foundations a New Release Process
Ownership of the Container Image Promoter
Current Efforts for 2021 and Beyond
SLSA Compliance
People+Code (We need to talk)
Closing Remarks


Taught by

CNCF [Cloud Native Computing Foundation]
