Kubernetes Supply Chain Security - Building a Secure Software Factory
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the critical topic of Kubernetes supply chain security in this 36-minute conference talk by Andrew Martin from Control Plane. Dive into the concept of a Software Factory approach for defending against supply chain risks, based on work from the US Air Force and DoD. Learn about the original supply chain attack described by Ken Thompson 35 years ago and how it relates to modern threats like the SUNBURST attacks. Discover how cloud native technologies can address these challenges through a showcase of building a Kubernetes Software Factory with Tekton. Gain insights into signing and verification approaches using tools such as in-toto, TUF, SPIFFE, SPIRE, and sigstore. Examine lessons learned from recent attacks and explore future cloud native solutions for hardening Kubernetes, builds, and infrastructure. Understand the complexities of the producer-consumer problem in supply chain relationships across various levels of industry and technology.
Syllabus
Intro
About Control Plane
Agenda
Supply Chain Security
What is a Supply Chain
Software Supply Chain
Post Bare Metal
Software Factory
Supply Chain
Attack
Danger Zone
Supply chain compromises
How do we attack
Salsa
Reverse Shell
Trivia Scan
Signing
Container Images
Chain Guards
Reference Architecture
Entoto
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Continuous Integration and Continuous Delivery (CI/CD)IBM via Coursera Continuous Integration and Delivery (CI/CD)
IBM via edX Adopting CDEvents and Embracing Interoperability in Software Delivery
Linux Foundation via YouTube An Introduction to Cloud Native Technologies
All Things Open via YouTube Argo and Tekton - Pushing the Boundaries of the Possible on Kubernetes
CNCF [Cloud Native Computing Foundation] via YouTube