Loading…
In-person
November 12-15
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Mountain Standard Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
← Back to schedule
Practical Supply Chain Security: Implementing SLSA Compliance from Build to Runtime - Enguerrand Allamel, Ledger
Friday November 15, 2024 2:55pm - 3:30pm MST
Salt Palace | Level 1 | 151 G
Securing the software supply chain can feel overwhelming, especially with dynamic frameworks like SLSA (Supply-chain Levels for Software Artifacts). This beginner-friendly session on software supply chain security explores practical strategies to secure your software from build to runtime.

We will utilize GitHub Actions, implement Cosign for seamless artifact signing without managing keys, and apply Kyverno for enforcing runtime policies. Additionally, you will learn how to use in-toto and Kubescape to verify and maintain artifact integrity effectively. To further bolster security, we will briefly explore integrating Hardware Security Modules (HSMs) into your workflow, providing a robust layer for key management.

By the end of this talk, you will have actionable insights and a clear understanding of how to achieve SLSA compliance within the CNCF ecosystem.
Speakers
avatar for Enguerrand Allamel

Enguerrand Allamel

Staff Cloud Security Engineer, Ledger
Enguerrand is a Staff Cloud Security Engineer at Ledger with a background in Site Reliability Engineering.His focus areas include Software Supply Chain Security and Cloud Security.
Practical Supply Chain Security Implementing SLSA Compliance from Build to Runtime pdf
Friday November 15, 2024 2:55pm - 3:30pm MST
Salt Palace | Level 1 | 151 G
  Security
Log in to leave feedback.

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Share Modal

Share this link via

Or copy link