This talk will cover how to build ClusterImagePolicies (CIPs) to set software supply chain policies using the Sigstore project. We will build CIPs from scratch that cover the most common policies within frameworks such as SLSA, NIST SSDF, CIS, and PCI.
Chainguard
Software Supply Chain Architect
John Osborne is a Software Supply Chain Architect at Chainguard focusing on end-to-end integrity of software artifacts. Most of his time is spent helping customers along their software supply chain journey with SLSA or NIST SSDF. He’s been active in cloud-native communities for the past 7 years. Prior to his arrival at Chainguard, he spent 9 years at Red Hat, most recently as the NA Practice L…
Cloud Native Computing Foundation
Organizer
CNCF
Organizer
Linux Foundation (CNCF)
Organizer