SLSA FRSCA Recipe for Secure Supply Chain
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore an end-to-end solution for securing the software supply chain in this conference talk by Parth Patel and Michael Lieberman from Kusari. Discover how the OpenSSF - FRSCA implements CNCF best practices to protect build systems, secure ingestion, and enforce policies in production environments. Learn about the integration of Tekton Pipelines/Chains, Sigstore, SPIFFE/SPIRE, and Kyverno to create a holistic approach meeting SLSA Level 3 requirements. Understand how CUE, admission controllers, and short-lived certificates can cryptographically protect clusters based on policy. Gain insights into binary authorization and how FRSCA validates signatures and attestations for authorization until the next release cycle. Explore this implementable architecture designed for the open source community and end-user organizations to produce and ingest SLSA compliant artifacts, addressing the multiple threats in the software supply chain ecosystem.
Syllabus
SLSA FRSCA Recipe For Secure Supply Chain - Parth Patel & Michael Lieberman, Kusari
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Introducción a SPIFFE y SPIRE - Autenticando servicios nativos de la nubeEkoparty Security Conference via YouTube Road to SLSA3 - Non-falsifiable Provenance in Tekton with SPIFFE/SPIRE
Linux Foundation via YouTube Zero-Trust Supply Chain Security with Sigstore, TektonCD and SPIFFE
Linux Foundation via YouTube How SPIFFE Helps Istio in Service Mesh Federation
Linux Foundation via YouTube Trust No System: The Unsettling Reality of Zero Trust
CNCF [Cloud Native Computing Foundation] via YouTube