Putting the Supply Chain Pieces Together: A Deep Dive into the Secure Software Factory
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Dive deep into the implementation of the CNCF's Secure Software Factory reference architecture in this conference talk. Explore the holistic nature of supply chain security and discover how the reference architecture addresses the software provenance gap faced by many projects and organizations. Learn how cloud native tools, when properly configured and implemented, can enhance artifact trustworthiness and provide reliable provenance. Examine a system built on tools like Kyverno, Tekton, Chains, Spire, and Sigstore, and understand how they interconnect to create software meeting high SLSA levels. Gain insights into the Secure Software Factory's functionality, build environment, defaults, configuration, and practical application through an example build.
Syllabus
Introduction
What is the Secure Software Factory
What does the Secure Software Factory do
Build Environment
Example Build
What is SFF
SFF Defaults
SFF Configuration
SFF in Action
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Introducción a SPIFFE y SPIRE - Autenticando servicios nativos de la nubeEkoparty Security Conference via YouTube Road to SLSA3 - Non-falsifiable Provenance in Tekton with SPIFFE/SPIRE
Linux Foundation via YouTube How SPIFFE Helps Istio in Service Mesh Federation
Linux Foundation via YouTube Trust No System: The Unsettling Reality of Zero Trust
CNCF [Cloud Native Computing Foundation] via YouTube Growing SPIFFE and SPIRE in 2023 and Beyond - Secure Identity Management Progress
CNCF [Cloud Native Computing Foundation] via YouTube