Solutions Architect with 10+ years of CyberSecurity, DevOps, Software Development and Automation experience. Parth has hands-on …
Kusari presenting at KubeCon and Cloud Native SecurityCon NA 2022
KubeCon + CloudNativeCon is right around the corner and we are excited to be attending in person! Be on the lookout for us (wearing the Kusari t-shirts) to have conversations and make introductions. We will also be handing out swag throughout the week so be sure to catch us!
Cloud Native SecurityCon NA 2022
Tuesday, October 25 • 3:40pm - 4:10pm
See It to Believe It: Bringing Observability to Otherwise Opaque Container Builds: Kusari’s Parth Patel and Shripad Nadgowda, Intel, will be discussing the need for more transparency while building artifacts. While tools such as Tekton Chains provide visibility into the steps that were performed and the components that were used during the build process, we are still missing the lower-level syscalls that were made. In this presentation, Parth and Shripad will present an open framework that uses Tetragon to bring out-of-band runtime visibility and provide automated attestation for Tekton-based CI pipelines.
KubeCon NA 2022
Wednesday, October 26 • 5:25pm - 6:00pm
SLSA FRSCA Recipe For Secure Supply Chain: Kusari’s Parth Patel and Michael Lieberman will be presenting FRSCA, which is an implementation of the CNCF Reference Architecture that aims to generate artifacts securely, enable secure ingestion and enforce policy in the production environment. All of this is in pursuit of the goal to minimize attack vectors associated with supply chain attacks. With the integration of Tekton Pipelines/Chains, Sigstore, SPIFFE/SPIRE, and Kyverno, we can create a holistic approach that can meet SLSA Level 3 from beginning to end.
Thursday, October 27 • 11:00am - 11:35am
It’s Dangerous To SLSA Alone Out There! Take This Artifact Knowledge Graph!: Kusari’s Michael Lieberman and Mihai Maruseac, Google, will be presenting GUAC (Graph for Understanding Artifact Composition). The fundamental problem is that you can’t start securing your supply chain if you don’t know what’s in it. The industry is in desperate need of a clear, holistic understanding of the software supply chain. To solve this problem, we are introducing Graph for Understanding Artifact Composition.