Authors: Jake Sanders, Andres Vega
2022-10-26

tldr - powered by Generative AI

The presentation discusses the importance of securing software supply chains and introduces SPIFFE and SPIRE as solutions. It also highlights the intersection of SPIFFE and SPIRE with Project Sigstore.
  • Software supply chains are vulnerable to attacks and require secure solutions
  • SPIFFE and SPIRE provide a secure identity framework for managing the lifecycle of identity and reducing the likelihood of breaches
  • SPIFFE and SPIRE create an identity control plane and abstraction that simplifies high-velocity PKI and role binding
  • Project Sigstore intersects with SPIFFE and SPIRE by providing a secure and scalable platform for storing and sharing software artifacts

Authors: Rose Judge, Joshua Lock
2022-06-21

tldr - powered by Generative AI

The presentation discusses the importance of reproducibility in software development pipelines and infrastructure for better security and transparency. It provides three levels of reproducibility and their supply chain security implications.
  • Reproducibility in software development pipelines and infrastructure is crucial for better security and transparency
  • There are three levels of reproducibility: unscripted builds, repeatable builds, and rebuildable builds
  • Rebuildable builds control all explicit inputs for a build and can produce an equivalent artifact that can be reproduced at any future point in time
  • Achieving reproducible builds requires engineering effort and long-term storage, which can be costly for some organizations