SUPPLY CHAIN SECURITY: Securing Integrity of Software Supply Chains

Cloud Native @Scale

Tue, Mar 8, 6:00 PM (UTC)

Virtual event

In this talk, Carlos and Adolfo will go through some of the basic technologies and tools that will help you start securing your pipelines.

About this event

📅 Date: Tuesday, March 8th, 2021

📍 Time: 10 am PST to 11:30 am PST (1:00 - 2:30 pm EST)

Securing a software supply chain is a complex task. There are many moving parts, external dependencies, difficulties to ensure all holes are plugged tight and sometimes it seems that the least goes on and on forever. Fortunately, there are a lot of benefits just by taking the first steps in the secure supply chain road.

In this talk, Carlos and Adolfo will go through some of the basic technologies and tools that will help you start securing your pipelines. Through quick dives and examples, they will show how to sign images and publish the records to the sigstore transparency log, how to generate an SBOM (Software Bill of Materials) and how to generate provenance attestations to track the origins of software components.

The talk will feature demos of each technology in addition to a larger project binding them all together.

Speakers:

🔶 Adolfo García Veytia, Staff Software Engineer at Chainguard, Inc

Adolfo García Veytia (puerco) is a software engineer with Chainguard, Inc, where he works helping open-source projects achieve better levels of security in their release processes. He is a Technical Lead with Kubernetes SIG Release, recently acting as Branch Manager for the 1.21 and 1.22 releases. He actively works on the Release Engineering team, specializing in software improvements that drive the automation behind the Kubernetes release process. Adolfo is passionate about writing software with friends, helping new contributors, and amplifying the Latinx presence in the Cloud Native community.

🔶  Carlos Tadeu Panato Júnior , Software Engineer at Chainguard

Carlos is a software Engineer with experience leveraging agile, DevOps, Test Automation, and CI/CD to manage large-scale distributed platforms both on-prem and in the public cloud. He's also a Continuous Delivery Foundation Community Ambassador.

🔹 Host: Chakradhar Rao J , Chief Technology Officer at Zelar

Chakri is a Software/Solutions Architect who also codes. Specializing in containers, kubernetes , openshift and nodejs. He's also an Ambassador @ Cloud Native Computing Foundation

https://cncf.io/about/ambassadors


Speakers

  • Carlos Panato

    Mattermost

    Staff Software Engineer/SRE

  • Adolfo García Veytia

    Chainguard

    Software Engineer

Host

  • Chakradhar Rao J

    Zelar

    Chief Technology Officer

Organizers

  • Thu Vuong

    Organizer

  • Joshua Hurst

    Cloud Native @Scale

    Community Manager

Partner

Zelarsoft