Building the Software Supply Chain on Docker Official Images (DockerCon 2023)

Docker revolutionized software development by making containers accessible to all developers. This talk explains how Docker is now reimagining software supply chain (SSC) security to make security the easy default for every developer. Docker is modernizing its toolchain (the tools you use every day) to provide SSC security by default: software bills of materials (SBOMs), provenance, cryptographic signing, verification, and more. The talk demonstrates how these principles and tools are applied to the Docker Official Images (DOI) catalog. With billions of pulls from Docker Hub each month, DOI are a significant link in most teams' software supply chains. It also covers how Docker and BastionZero have used open standards such as The Update Framework (TUF) and Supply-chain Levels for Software Artifacts (SLSA), together with a novel, decentralized signing approach built on modern cryptographic techniques including OpenPubkey, to extend open source projects such as BuildKit and the Docker CLI so that they produce and verify SSC metadata.

Presentation: Building the Software Supply Chain on Docker Official Images
Speakers: Ethan James Heilman, PhD; James Carnegie


ABOUT DOCKER: Docker provides a suite of development tools, services, trusted content, and automations, used individually or together, to accelerate the delivery of secure applications.

#docker #dockerimages #SoftwareSupplyChain