Building SLSA 3 Conforment Attestors for Artifacts Generated on GitHub
34 min

Building SLSA 3 Conforment Attestors for Artifacts Generated on GitHub

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Ian Lewis Asra Ali
slsa supply-chain-security github-actions software-supply-chain provenance attestation container-images ci-cd open-source-security build-automation security-frameworks
Filling the Gaps in Kubernetes Flavored SLSA with Threat Modeling
34 min

Filling the Gaps in Kubernetes Flavored SLSA with Threat Modeling

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Christie Wilson Priya Wadhwa
kubernetes slsa supply-chain-security threat-modeling ci-cd tekton spire sigstore container-security security-frameworks
Secure Your Project with the SIG Release Supply Chain Kit
30 min

Secure Your Project with the SIG Release Supply Chain Kit

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Adolfo García Veytia Carlos Panato
supply-chain-security sbom slsa container-signing github-actions ci-cd kubernetes release-engineering provenance cosign six-store software-supply-chain
In-Toto: Attestations and More for Software Supply Chain Security
35 min

In-Toto: Attestations and More for Software Supply Chain Security

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Aditya Sirish A Yelgundhalli
software-supply-chain-security in-toto attestation sbom slsa kubernetes ci-cd container-security policy-enforcement digital-signatures provenance