YoVDO

Securing the Supply Chain: A Practical Guide to SLSA Compliance from Build to Runtime

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Supply Chain Security Courses, Kubernetes Courses, GitHub Actions Courses, Cosign Courses, Kubescape Courses, Kyverno Courses, in-toto Courses, SLSA Courses

Course Description

Overview

Explore a comprehensive guide to securing the software supply chain through SLSA (Supply-chain Levels for Software Artifacts) compliance in this 34-minute conference talk by Enguerrand Allamel from Ledger at CNCF's KubeCon event. Gain insights into foundational practices for securing software from build to runtime using CNCF tools. Learn how to leverage GitHub Actions for automating build processes, integrate Cosign for keyless artifact signing, and implement Kyverno for runtime policy enforcement. Discover the roles of in-toto and Kubescape in managing and verifying artifact integrity within the Kubernetes ecosystem. Understand the potential integration of Hardware Security Modules (HSMs) for enhanced key management security in signing processes. Perfect for beginners, this talk provides a practical approach to navigating supply chain security complexities and achieving SLSA compliance in cloud-native environments.

Syllabus

Securing the Supply Chain: A Practical Guide to SLSA Compliance from Build to...- Enguerrand Allamel


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Ketchup, Mustard, and Relish of Software Supply Chain Security - Panel Discussion
Linux Foundation via YouTube
SLSA in Action: Securing the Software Supply Chain
Linux Foundation via YouTube
Securing Your Supply Chain by Building with FRSCA
Linux Foundation via YouTube
Open Tools for Secure Supply Chains in Kubernetes - From Release Engineering
Linux Foundation via YouTube
Google SLSA and NIST SSDF - Emerging Software Supply Chain Security Best Practices
Linux Foundation via YouTube