Supply Chain Security: From Infrastructure to Application, Code to Cloud

Join a 50-minute Linux Foundation live webinar exploring comprehensive supply chain security strategies. Delve into InfoSec principles, "everything as code" approaches, and the importance of supply chain context. Learn about declarative and deterministic security practices, securing various layers from infrastructure to application code, and protecting dependencies. Explore techniques for safeguarding open-source supply chains, container images, and deployments. Discover best practices for maintaining runtime security and gain valuable insights to enhance your organization's overall security posture.

Intro
Security (A.K.A. InfoSec)
Everything as code
Invert our thinking
The Importance of Supply Chain Context - Part 1
Declarative = Deterministic
The (Supply Chain) Layers
Secure the base (or cloud)
Securing the code (The actual application source code)
Securing your dependencies FRIENDS
Securing the (OSS) supply chain
Securing the image • Pros Teaches best practices
Layer 5: Securing the deployment . Abstractions Difficult to scan the code
The Runtime - Maintain the state of security!
Key takeaways