This talk will cover how to build ClusterImagePolicies (CIPs) to set software supply chain policies using the Sigstore project. We will build CIPs from scratch that cover the most common policies within frameworks such as SLSA, NIST SSDF, CIS, and PCI.
Chainguard
Software Supply Chain Architect
John Osborne is a Software Supply Chain Architect at Chainguard focusing on end-to-end integrity of software artifacts. Most of his time is spent helping customers along their software supply chain journey with SLSA or NIST SSDF. He’s been active in cloud-native communities for the past 7 years. Prior to his arrival at Chainguard, he spent 9 years at Red Hat, most recently as the NA Practice L…
John Osborne is a Software Supply Chain Architect at Chainguard focusing on end-to-end integrity of software artifacts. Most of his time is spent helping customers along their software supply chain journey with SLSA or NIST SSDF. He’s been active in cloud-native communities for the past 7 years. Prior to his arrival at Chainguard, he spent 9 years at Red Hat, most recently as the NA Practice Lead for DevSecOps. He also spent 7 years as the Infrastructure Lead for a large U.S. Navy program and several years at a telco startup. He has his MS Software Engineering, MBA, and is also co-author of OpenShift In Action. He currently lives in Vienna, Virginia.
Cloud Native Computing Foundation
Organizer
CNCF
Organizer
Linux Foundation (CNCF)
Organizer
CNCF
Organizer
