Silly Gooses, Let's Make Sense of the Security Supply Chain, Together
May 01, 2023
24 min
Free
supply-chain-security
slsa
sigstore
cosign
fulcio
rekor
sbom
attestation
provenance
container-security
cloud-native-security
kubernetes
Description
This talk aims to demystify software supply chain security concepts for beginners. It gives an overview of the evolving landscape, explains key terms such as attestation, provenance, and software bills of materials (SBOMs), and introduces frameworks such as SLSA (Supply-chain Levels for Software Artifacts). It also covers the Sigstore tooling (Cosign, Fulcio, Rekor) that helps secure software artifacts through signing, short-lived signing certificates issued by Fulcio, and the append-only Rekor transparency log.