Скачать или смотреть Kubernetes Supply Chain Security: The Software Factory - Andrew Martin, Control Plane

Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.

Kubernetes Supply Chain Security: The Software Factory - Andrew Martin, Control Plane

The original supply chain attack was described by Ken Thompson 35 years ago, in Reflections on Trusting Trust. As the SUNBURST attacks abuse the same implicit trust relationship between consumers and vendors today, we ask ourselves: does cloud native have the answer? Based on work from the US Air Force and DoD, we present a Kubernetes Software Factory approach that can defend against supply chain risks. But can we mitigate the risk entirely? What about consuming closed source and binary artefacts? Is there a silver bullet for this producer-consumer problem, that impacts supply chain relationships at all levels of industry and technology? In this talk we: - Showcase work to build a Kubernetes Software Factory with Tekton - Deep dive on signing and verification approaches to securely build software with in-toto, TUF, SPIFFE, SPIRE, and sigstore - Review lessons learned from the SUNBURST attacks - Detail future cloud native solutions to harden Kubernetes, builds, and infrastructure