Kubernetes Supply Chain Security - Building a Secure Software Factory
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the critical topic of Kubernetes supply chain security in this 36-minute conference talk by Andrew Martin from Control Plane. Dive into the concept of a Software Factory approach for defending against supply chain risks, based on work from the US Air Force and DoD. Learn about the original supply chain attack described by Ken Thompson 35 years ago and how it relates to modern threats like the SUNBURST attacks. Discover how cloud native technologies can address these challenges through a showcase of building a Kubernetes Software Factory with Tekton. Gain insights into signing and verification approaches using tools such as in-toto, TUF, SPIFFE, SPIRE, and sigstore. Examine lessons learned from recent attacks and explore future cloud native solutions for hardening Kubernetes, builds, and infrastructure. Understand the complexities of the producer-consumer problem in supply chain relationships across various levels of industry and technology.
Syllabus
Intro
About Control Plane
Agenda
Supply Chain Security
What is a Supply Chain
Software Supply Chain
Post Bare Metal
Software Factory
Supply Chain
Attack
Danger Zone
Supply chain compromises
How do we attack
Salsa
Reverse Shell
Trivia Scan
Signing
Container Images
Chain Guards
Reference Architecture
Entoto
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Securing Your Infrastructure as Code PipelineLinux Foundation via YouTube Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain
Linux Foundation via YouTube Software Supply Chain Security Case Study at Anaconda
Linux Foundation via YouTube Container Security: Supply Chain, Authorization, and Runtime Protection
Docker via YouTube In-Toto: Attestations and Software Supply Chain Security
CNCF [Cloud Native Computing Foundation] via YouTube