Скачать или смотреть Ozzie & Nova - Supply Chain Shenanigans: A Kubernetes Security Play Ab... Whitney Lee & Puja Abbassi

Ozzie & Nova - Supply Chain Shenanigans: A Kubernetes Security Play About OpenSSF Standards - Whitney Lee, Datadog & Puja Abbassi, Giant Swarm

Ozzie thinks his Kubernetes cluster is airtight. The API server isn’t public. RBAC is strict. GitOps handles deployments, reinforced by MFA, service mesh, admission controls, and runtime security tools. It looks like everything is in place. But when an attacker quietly replaces a container image, swaps out a trusted base, and hides a backdoor among a flood of vulnerabilities, the cracks begin to show.

This talk follows a fictional, technically grounded story of a cluster under attack. Each breach exposes a different blind spot in supply chain security—like the absence of image verification, gaps in the build process, and the limits of scanning alone. The narrative traces how these failures unfold and what finally stops them.

Attendees will explore how tools like Sigstore, SLSA, SBOMs, and OpenVEX can be used together in practice. Instead of focusing on theory or checklists, this session asks what real security looks like when the pipeline itself becomes the target.