See It to Believe It: Bringing Observability to Container Builds
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore a conference talk that delves into enhancing observability for container builds in application supply chains. Learn about the critical importance of security and trust in the Continuous Integration (CI) pipeline, focusing on the typically opaque container build process. Discover how an open framework using tetragon can provide out-of-band runtime visibility and automated attestation for Tekton-based CI pipelines. Gain insights into the multi-stage container build process, including source code cloning, dependency resolution, application compilation, and artifact publishing. Understand the significance of establishing provenance and integrity assurance for every action in the pipeline to ensure trust in the final built artifact. Examine the limitations of existing tools like Tekton Chains and learn how to address the gap in lower-level syscall visibility during the build process.
Syllabus
See It to Believe It: Bringing Observability to Otherwise ... Parth Patel, Kusari & Shripad Nadgowda
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Tetragon: A Kubernetes Observability and Security ToolLinux Foundation via YouTube Introduction to Tetragon - CNCF Security Tool
CNCF [Cloud Native Computing Foundation] via YouTube eBPF for Observability: The Good, the Bad, and the Ugly
CNCF [Cloud Native Computing Foundation] via YouTube Combining Confidential Computing and Cloud Native Security
CNCF [Cloud Native Computing Foundation] via YouTube Securing the Superpowers: Who Loaded That eBPF Program?
CNCF [Cloud Native Computing Foundation] via YouTube