YoVDO

Spicing up Container Image Security with SLSA and GUAC

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Container Security Courses DevOps Courses Kubernetes Courses GitHub Actions Courses Supply Chain Security Courses Sigstore Courses Kyverno Courses SLSA Courses GUAC Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore container image security enhancement techniques using SLSA (Supply chain Levels for Software Artifacts) and GUAC (Graph for Understanding Artifact Composition) in this informative conference talk. Learn how to add SLSA provenance metadata to container images and establish strong links between images and their source code across multiple build systems, including GitHub Actions and Google Cloud Build. Discover methods for verifying images and their metadata before deployment, both locally and in Kubernetes environments. Gain insights into using policy engines like Kyverno and Sigstore policy-controller to verify an image's source code repository, builder identity, and build entry points, enhancing protection against malicious images in production environments. Delve into the integration of SLSA with GUAC to gain a deeper understanding of image supply chains, including contents and build provenance from base layers upwards.

Syllabus

Spicing up Container Image Security with SLSA & GUAC - Ian Lewis, Google


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Cyber Security in Manufacturing
University at Buffalo via Coursera Supply Chain and Operations Management Tips
LinkedIn Learning Kubernetes Security: Implementing Supply Chain Security
Pluralsight Implement Cybersecurity Best Practices in Your Organization
Salesforce via Trailhead ISC2 Certified Secure Software Life-Cycle Professional (CSSLP)
Cybrary