In this deep dive on supply chain security Michael Lieberman will go into a deep dive on an implementation of the CNCF's Secure Software Factory reference architecture. The talk will discuss the holistic nature of the supply chain security problem space and how the reference architecture highlights the software provenance gap that many projects and organizations trying to improve their security posture have. Michael will show how cloud native tools, configured and implemented in the right ways, can help in providing reliable provenance while increasing the trustworthiness of the artifacts you build. A system built on top of tools like Kyverno, Tekton, Chains, Spire and Sigstore will be shown how they can be tied together to build software that hits high SLSA levels.
Click here to view captioning/translation in the MeetingPlay platform!
