YoVDO

Securing Your Supply Chain by Building with FRSCA

Offered By: Linux Foundation via YouTube

Tags

Software Supply Chain Security Courses SLSA Courses OpenSSF Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore how to secure your software supply chain using FRSCA (Framework for Rapid Secure Creation of Artifacts) in this conference talk. Learn about common supply chain attacks and their potential to compromise downstream software. Discover how FRSCA, an OpenSSF project implementing the CNCF's Secure Software Factory Reference Architecture, helps protect against build pipeline vulnerabilities. Understand FRSCA's suite of tools and abstractions designed to simplify secure build pipeline creation, adhering to security standards like SLSA and NIST's SSDF. Gain insights into generating attested metadata, including software bill of materials (SBOM) and SLSA attestations. Follow along as the speaker demonstrates FRSCA's capabilities in preventing, reacting to, and auditing supply chain attacks, and explore the architecture, pipeline framework, and shared responsibilities involved in implementing this security solution.

Syllabus

Introduction
Threats
Provenance
Pipeline Framework
FRSCA
FRSCA highlights
FRSCA Architecture
FRSCA Pipeline Framework
What is Q
Shared Responsibilities
Pipelines
Configuration
Example Layout
Demo
Next Steps
Additional Resources


Taught by

Linux Foundation

Tags

Related Courses

Hardening Your Soft Software Supply Chain
Pluralsight
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
Pluralsight
Securing Your Software Supply Chain with Sigstore
Linux Foundation via edX
GitHub Supply Chain Security Using GitGat
Linux Foundation via edX
Kyverno - Deep Dive - Tech Talks
Mirantis via YouTube