The Golden Path to SpringOne
Expert talks on the tools and processes devs need to know. Register for SpringOne at VMware Explore >
It Takes Two to SLSA: Sigstore and Tekton to Secure Your Supply Chain
It Takes Two to SLSA: Sigstore and Tekton to Secure Your Supply Chain
It Takes Two to SLSA: Sigstore and Tekton to Secure Your Supply Chain
Feb 2, 2023
In this episode
Securing the software supply chain is becoming increasingly critical not only to prevent cyber threats, but also to comply with the executive order from The White House. DevOps teams need to make it possible to verify provenance of artifacts along the entire pipeline.
In this session, we’ll provide an overview of SLSA and Sigstore. SLSA is a security framework for safeguarding artifact integrity across any software supply chain. And Sigstore helps automate how you digitally sign and check components to help establish provenance.
The audience will learn how to use Sigstore and Tekton to implement SLSA compliance. We’ll demonstrate usage of these tools in a reference CI/CD pipeline for Kubernetes applications.
Guests
Abhinav Rau
Abhinav Rau is a Principal Architect at Google Cloud helping Financial Services companies adopt Cloud Native Development practices. He believes adopting a culture of collaboration exhibited by the to Open Source community can accelerate software development while creating lasting business value.He has presented at SpringOne and hosted several webinars on CI/CD, Kubernetes and GitOps. Before Google, he was at VMware, Pivotal, Wells Fargo and several startups. He contributes to several Open source projects and is a speaker at his home town Charlotte’s Java User Group. Abhinav has several GCP certifications, a Master’s Degree in Computer Science from LSU and a Masters in Science in Information Systems from BITS, Pilani India.
Madhav Sathe
Madhav helps major enterprises unlock innovation using even-driven applications, edge & hybrid cloud, Kubernetes and DevOps. Madhav has been a speaker at conferences such as SpringOne, Cloud Foundry Summit and Oracle OpenWorld. He has co-authored a white paper on container security. Madhav currently works as an Application Modernization specialist at Google Cloud.
Hosts
DaShaun Carter
DaShaun is a husband, father of four, volunteer, struggling athlete and Spring Developer Advocate at VMware Tanzu. Deliberately practicing to build, manage, and run, better software, faster.