Trust But Verify: Bringing Supply Chain Integrity to CD GitOps
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore a conference talk that delves into enhancing supply chain integrity in Continuous Deployment (CD) GitOps for Kubernetes cloud native applications. Learn how to address the lack of supply chain controls in GitOps automation, which currently fails to ensure integrity and tamper-proof deployments. Discover the challenges of applying typical signing and verification methods to Kubernetes manifests composed from multiple source assets and subject to template-based mutations. Gain insights into extending CD GitOps processes to provide verification of source assets with cluster enforcement of signatures and policy permissions. Understand how combining keyless signing via Sigstore with intersecting control points throughout GitOps can achieve accurate cryptographic signing of source assets and produce transparency of configuration provenance. Explore the use of admission controllers like Integrity Shield for validating pipeline integrity through cluster enforcement.
Syllabus
Trust But Verify: Bringing Supply Chain Integrity To CD GitOps - Yuji Watanabe & Hirokuni Kitahara
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Securing Your Software Supply Chain with Sigstore - Linux Foundation via edX
Hands-on Introduction to Sigstore - Securing the Software Supply Chain - Rawkode Academy via YouTube
Protecting the World's Greatest Open Source Ecosystem with Sigstore - Devoxx via YouTube
PGP vs Sigstore - The Match at Maven Central - Devoxx via YouTube
Securing Your Infrastructure as Code Pipeline - Linux Foundation via YouTube