Building SLSA 3 Conforment Attestors for Artifacts Generated on GitHub
34 min

Building SLSA 3 Conforment Attestors for Artifacts Generated on GitHub

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Ian Lewis Asra Ali
slsa supply-chain-security github-actions software-supply-chain provenance attestation container-images ci-cd open-source-security build-automation security-frameworks
Secure Your Project with the SIG Release Supply Chain Kit
30 min

Secure Your Project with the SIG Release Supply Chain Kit

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Adolfo García Veytia Carlos Panato
supply-chain-security sbom slsa container-signing github-actions ci-cd kubernetes release-engineering provenance cosign six-store software-supply-chain
In-Toto: Attestations and More for Software Supply Chain Security
35 min

In-Toto: Attestations and More for Software Supply Chain Security

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Aditya Sirish A Yelgundhalli
software-supply-chain-security in-toto attestation sbom slsa kubernetes ci-cd container-security policy-enforcement digital-signatures provenance
Silly Gooses, Let's Make Sense of the Security Supply Chain, Together
24 min

Silly Gooses, Let's Make Sense of the Security Supply Chain, Together

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Grace Nguyen
supply-chain-security salsa sigstore cosign fulcio rekor sbom attestation provenance container-security cloud-native-security kubernetes