October 21, 2022
KubeCon + CloudNativeCon is right around the corner and we are excited to be attending in person! Be on the lookout for us (wearing the Kusari t-shirts) to have conversations and make introductions. We will also be handing out swag throughout the week so be sure to catch us!
See It to Believe It: Bringing Observability to Otherwise Opaque Container Builds: Kusari’s Parth Patel and Shripad Nadgowda, Intel, will be discussing the need for more transparency while building artifacts. While tools such as Tekton Chains provide visibility into the steps that were performed and components that were used during the build process, we are still missing the lower-level syscalls that were made. In this presentation, Parth and Shripad will present an open framework that uses Tetragon to bring out-of-band runtime visibility and provide automated attestation for a Tekton-based CI pipeline.
SLSA FRSCA Recipe For Secure Supply Chain: Kusari’s Parth Patel and Michael Lieberman will be presenting FRSCA, which is an implementation of the CNCF Reference Architecture that aims to generate artifacts securely, enable secure ingestion and enforce policy in the production environment. All of this is in pursuit of the goal to minimize attack vectors associated with supply chain attacks. With the integration of Tekton Pipelines/Chains, Sigstore, SPIFFE/SPIRE, and Kyverno, we can create a holistic approach that can meet SLSA Level 3 from beginning to end.
It’s Dangerous To SLSA Alone Out There! Take This Artifact Knowledge Graph!: Kusari’s Michael Lieberman and Mihai Maruseac, Google, will be presenting GUAC (Graph for Understanding Artifact Composition). The fundamental problem is you can’t start securing your supply chain if you don’t know what’s in it. The industry is in desperate need of having a clear, holistic understanding of the software supply chain. To solve this problem, we are introducing Graph for Understanding Artifact Composition.