HANDS-ON Supply Chain Security With Cosign & Kyverno

Software supply chain attacks have increased 650% in 2021! The SLSA framework (Supply-chain Levels for Software Artifacts) provides detailed guidelines for securing the integrity of software artifacts as they move through a supply chain. Join Jim to learn about SLSA and how you can take an insecure image and add signing and verification of that image with Cosign and Kyverno to comply with the SLSA guidelines.

About the Guest
🎓 Jim Bugwadia | Co-founder and CEO Nirmata 🎓


▬▬▬▬▬▬ ⏲️ Time Code ⏲️ ▬▬▬▬▬▬
0:00 💙 Welcome Everyone 💙
1:18 Why so much noise around supply chain security?
6:50 Why do we care about signing container images?
10:43 What is SLSA, and how can I use its patterns to secure my software supply chain?
20:00 What are the advantages of signing images and providing attestations at the admission-controller level?
23:21 An overview of the Sigstore project: Cosign, Fulcio and Rekor
28:35 What challenges can keyless signing solve for container images?
30:35 Best practices for securing code in a microservices architecture
33:41 Introduction to Kyverno
35:04 Introduction to the in-toto attestation standard
36:07 Hands-on with Kyverno, Cosign, Rekor and Fulcio 🚀
45:35 Hands-on with the in-toto attestation standard 🚀
51:00 Q & A
53:00 How to define SLSA, zero-trust security and SBOM?
55:14 Some words on the fast progress of the Kyverno and Sigstore projects
58:02 Feel free to contribute to Kyverno, a CNCF project. 🙌
58:50 What's coming up next with Kyverno 🚀

⚒️ About Kyverno.
Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies. This allows using familiar tools such as kubectl, git, and kustomize to manage policies. Kyverno policies can validate, mutate, and generate Kubernetes resources. The Kyverno CLI can be used to test policies and validate resources as part of a CI/CD pipeline.
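As an added example, not a file from the webinar, from Nirmata or from the Kyverno project, here is the shape of the Kyverno policy that ties the pieces above together: a ClusterPolicy that refuses to admit a Pod whose image does not carry a Cosign signature made with a known key. It assumes the Kyverno 1.7+ `verifyImages` schema; the policy name, the registry pattern `ghcr.io/example-org/*` and the image `ghcr.io/example-org/demo-app:1.0.0` in the comments are placeholders chosen for illustration.

```yaml
# Added example (not from the webinar or the Kyverno project): a Kyverno
# ClusterPolicy that admits Pods only when every image matching the
# pattern below carries a Cosign signature made with the matching key.
#
# Assumed setup, performed before this policy is applied:
#   cosign generate-key-pair                                   # writes cosign.key / cosign.pub
#   cosign sign --key cosign.key ghcr.io/example-org/demo-app:1.0.0
#   cosign verify --key cosign.pub ghcr.io/example-org/demo-app:1.0.0
#   kubectl apply -f verify-image-signature.yaml               # this file
# The contents of cosign.pub replace the placeholder at the bottom.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: verify-image-signature   # placeholder name
spec:
  # Enforce rejects the request on failure; Audit would only record it.
  validationFailureAction: Enforce
  # Image verification happens at admission time, not as a background scan.
  background: false
  webhookTimeoutSeconds: 30
  rules:
    - name: check-cosign-signature
      match:
        any:
          - resources:
              kinds:
                - Pod
      verifyImages:
        # Only images under this (assumed) registry path are checked;
        # images that do not match the pattern are not touched by this rule.
        - imageReferences:
            - "ghcr.io/example-org/*"
          # Fail closed: a matching image without a valid signature is denied.
          required: true
          # Replace the tag with the verified digest in the admitted Pod, so a
          # later move of the tag cannot swap the image out from under the policy.
          mutateDigest: true
          attestors:
            - count: 1
              entries:
                - keys:
                    # Placeholder: paste the contents of cosign.pub here.
                    publicKeys: |-
                      -----BEGIN PUBLIC KEY-----
                      <contents of cosign.pub>
                      -----END PUBLIC KEY-----
```

A quick check once the policy is applied: creating a Pod from an unsigned image under the pattern is rejected with a message naming the rule, while the same image after `cosign sign` is admitted and its tag appears rewritten to a digest in the stored Pod spec. Keeping `background: false` is deliberate, since signature verification is meaningful only as an admission-time gate on new workloads.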


Makers of Kyverno

⚒️ About Sigstore.
A new standard for signing, verifying and protecting software


Links to useful resources for supply chain security and Kyverno.

🎧 : OSS Supply Chain Security Deep Dive with Dan Lorenc

Supply-chain Levels for Software Artifacts

Images used in the demo

What is Cosign

Cosign

Rekor:

Fulcio:

How Kyverno works

Verify Images

👨‍🎓 About the Host 👨‍🎓

Join Cloud Native Islamabad community.

🧑‍🤝‍🧑 About the Community 🧑‍🤝‍🧑
Here's where we host our Cloud Native webinars, thanks to CNCF:

#CloudNativeIslamabad #Kyverno #Sigstore