Checking the Chains at the Gate: Building Supply Chain Policies with Gatekeeper and Ratify
37 min

Checking the Chains at the Gate: Building Supply Chain Policies with Gatekeeper and Ratify

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Jeremy Rickard
kubernetes supply-chain-security gatekeeper ratify opa rego oci admission-controller policy-as-code sbom ci-cd
Improve Vulnerability Management with OCI Artifacts – It Is That Easy!
36 min

Improve Vulnerability Management with OCI Artifacts – It Is That Easy!

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Itay Shakury Toddy Mladenov
vulnerability-management oci-artifacts sbom supply-chain-security container-security trivy notary oras cicd kubernetes container-registry signing
Verifiable GitHub Actions with eBPF
28 min

Verifiable GitHub Actions with eBPF

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Jose Donizetti
github-actions ebpf runtime-security supply-chain-security tracee observability ci-cd container-security linux-kernel forensics
Fight Back Against Cyber Risk in the Software Supply Chain with a Secure and Compliant DevSecOps Pipeline for Regulated Environments
32 min

Fight Back Against Cyber Risk in the Software Supply Chain with a Secure and Compliant DevSecOps Pipeline for Regulated Environments

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Krishna Rajeesh Nallur Valiyaveettil Brendan Kelly
devsecops supply-chain-security cyber-risk regulated-environments ci-cd continuous-compliance tekton terraform sonarqube oasis-zap cyclonedx gitops
Silly Gooses, Let's Make Sense of the Security Supply Chain, Together
24 min

Silly Gooses, Let's Make Sense of the Security Supply Chain, Together

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Grace Nguyen
supply-chain-security salsa sigstore cosign fulcio rekor sbom attestation provenance container-security cloud-native-security kubernetes
How SIG Release Makes Kubernetes Releases Even More Stable and Secure
35 min

How SIG Release Makes Kubernetes Releases Even More Stable and Secure

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Veronica Lopez Marko Mudrinić
kubernetes sig-release release-management supply-chain-security salsa-compliance container-images registry-migration debian-packages rpm-packages ci-cd cloud-native
From SBOMs to IBOMs - Know What's Happening in Your Clusters
31 min

From SBOMs to IBOMs - Know What's Happening in Your Clusters

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Cindy Blake Ido Neeman
sbom ibom cloud-native infrastructure-management security supply-chain-security asset-management kubernetes compliance cost-optimization attack-surface-management drift-detection
Total Clarity on Your Application Security
7 min

Total Clarity on Your Application Security

KubeCon + CloudNativeCon - KubeCon + CloudNativeCon Europe 2023
Guillaume Sauvage de Saint Marc
application-security cloud-security open-source devsecops vulnerability-management kubernetes container-security vm-scanning api-security supply-chain-security security-posture
Software Security and Slippery Slopes: How to Elevate an Entire Ecosystem at Scale
28 min

Software Security and Slippery Slopes: How to Elevate an Entire Ecosystem at Scale

PyCon - PyCon US 2023
Dustin Ingram
software-security open-source python ecosystem-security supply-chain-security package-management security-best-practices automation vulnerability-management two-factor-authentication
Ergonomic codesigning for the Python ecosystem with Sigstore
29 min

Ergonomic codesigning for the Python ecosystem with Sigstore

PyCon - PyCon US 2023
William Woodruff
python sigstore code-signing cryptography packaging security authentication pgp supply-chain-security
Why You Should Care About Open Source Supply Chain Security
32 min

Why You Should Care About Open Source Supply Chain Security

PyCon - PyCon US 2023
Nina Zakharenko
supply-chain-security open-source-security software-supply-chain security-auditing vulnerability-management dependency-management python security-practices
The State of RubyGems
33 min

The State of RubyGems

RubyConf - RubyConf 2024
Samuel Giddins Martin Emde Marty Haught
bundler ruby ruby-gems-org security supply-chain-security sigstore open-source infrastructure packaging ruby-gems