In this talk I’ll explain what is the Software Supply Chain, common threats and mitigations and how they apply to IAC ecosystem too. I’ll show off security threats using Terraform and its ecosystem and finally i’ll talk about OCI images talking about digital signatures and SBOM using Sigstore and Syft. I’ll do a live coding session showing off how to deploy secure OCI images on K8S cluster with security policies built with Kyverno, the session includes also security scanning using the generated SBOM.

Comments

Comments are closed.

Very interesting talk, citing a lot of interesting security incidents and suggesting a lot of useful tools to protect our projects for vulnerabilities

Noemi Mancini at 09:12 on 17 May 2024

An exhaustive exposition of the topic, with historical and more recent examples, and a concise list of practicable solutions.

Very useful talk, straight to the point

It was cool to have overview of standards and tools that can help us improve the supply chain safety. Great talk. I am looking forward to read many of the reference available in your slides.

it was insane and cool. great talk.