Hey hey! 👋 We invite you to the 29th meeting of the Krakow Cloud Native group.

We’ll meet on October 29th at 06:00 PM at the Virtuslab Office at Bursztynowy Szlak, Szlak 49, 31-155 Kraków.

Talk:

🎙️ Daniel Liszka 🎙️ with the topic "Securing the Software Supply Chain: Practical Strategies"

Drawing from real-world implementations at major enterprises, this talk will guide you through integrating compliance and security controls into your Software Development Lifecycle (SDLC) using open-source tools like Chainloop. Learn how to build an evidence store for your software supply chain, instrument your CI/CD pipelines, and establish effective quality and control gates. We'll show you how to operationalize Software Bills of Materials (SBOMs) and Vulnerability Exploitability eXchange (VEX) files to securely deploy software to production and beyond.

About the speaker:

Daniel is a co-founder at chainloop.dev and a maintainer of the open-source evidence store and a control place for the software supply chain (github.com/chainloop-dev/chainloop). Product Leader with over a decade of expertise building apps around Open Source and Software Supply Chain Security at Bitnami (Engineering) and VMware (PM). Dad, traveler, biker, and skier.

Please note that due to office policy, you will be required to sign the guest list.

Confirm your presence and join us! During a break, we welcome you to network over a pizza!🍕