It Takes Two to SLSA: Sigstore and Tekton to Secure Your Supply Chain

January 31, 2023

Share this Video
Facebook
Twitter
Email
LinkedIn

Securing the software supply chain is becoming increasingly critical, not only to prevent cyber threats, but also to comply with the executive order from the White House. DevOps teams need to make it possible to verify provenance of artifacts along the entire pipeline. In this session, Madhav Sathe and Abinav Rau provide an overview of SLSA and Sigstore. SLSA is a security framework for safeguarding artifact integrity across any software supply chain. And Sigstore helps automate how you digitally sign and check components to help establish provenance. The audience will learn how to use Sigstore and Tekton to implement SLSA compliance. We’ll demonstrate usage of these tools in a reference CI/CD pipeline for Kubernetes applications.

Introduction to Backstage in the Tanzu Application Platform: Part 1 - Core Plugins | VMware Tanzu

VMware Tanzu Application Platform is a next-generation Kubernetes-based DevOps platform that helps your dev...

Next Video

ChatGPT Helps Reduce Digital Transformation Toil - Tanzu Talk

Coté puts together a talk looking out how to use things like OpenAI ChatGPT to make digital transformation,...

It Takes Two to SLSA: Sigstore and Tekton to Secure Your Supply Chain

Previous

Next Video

Related content in this Stream

Internal developer platforms (IDPs) might be the latest innovation to hit the platform space, but they represent the culmination of at least a decade of efforts by development, platform and DevOps tea

Containers are popular with both developers and operators because they offer a straightforward way to deploy and manage applications, regardless of the target environment. They facilitate DevOps (and

Please join Nate Schutta and guest Valarie Regas. Valarie is a DevOps fanatic, a Georgia Tech coding bootcamp graduate, and a veteran mommy. She holds a BA in Psychology and currently works as a Devel

In the DevOps, cloud, platform world we're told that operations people starting working closely with developers. This week @thecote been asked "does that really happen?" several times. We discuss...

In the DevOps, cloud, platform world we're told that operations people starting working closely with developers. This week @thecote been asked "does that really happen?" several times. We discuss the

VMware Tanzu Application Platform is a next-generation Kubernetes-based DevOps platform that helps your developers be more productive. The Tanzu Application Platform GUI is built with the Backstage op

Coté puts together a talk looking out how to use things like OpenAI ChatGPT to make digital transformation, DevOps/culture, whatever and etc. better, if not just less annoying. Chapters: 00:04 - Tes

All that digital transformation, DevOps, whatever stuff is going to require organization change. For reals! Make sure you can actually do it. More: https://tanzu.vmware.com/content/ebooks/the-business

We check-in on "platform engineering," and ponder the theory that it's "DevOps for kubernetes." Also, Coté gives his theory on the rise of platform engineering. In the news section, we cover some of t

We check-in on "platform engineering," and ponder the theory that it's "DevOps for kubernetes." Also, Coté gives his theory on the rise of platform engineering. In the news section, we cover some...

How does the community process work at the CNCF? Dims tells us, and then he discusses it with Alex Williams of @TheNewStack and Coté of @vmware.

Build your own automation platform in 20mn, one artisanal script at a time. Solomon Hykes shows how with #ProjectCloak.

Index: 0:00 - Disclaimer and fun intro video. 0:55 - Presentation. 21:10 - Interview

...with Duffie Cooley of Isovalent.

Jen Kelly goes over what Backstage is. She then talks with Alex Williams from @TheNewStack. Index: 1:06 - Jeny Kelly 15:14 - Interview with Alex Williams

In this episode from VMware Explore, Lukas first goes over vcluster and loft.sh. Then Coté and Alex Williams discuss those topics and kubernetes in general with Lukas.

If you're doing anything with programming, apps, or the software you build and use to run your organization, check out the sessions we have at #VMwareExplore 2022, coming up August 29th to September 1

Moving to the cloud is hard. Even born-in-the-cloud companies worry about keeping their growth on track and their technical debt in check. Given the demands decision makers face for growth, innovation

What is DevSecOps? Here, Coté goes over what he things DevSecOps is. Rear more here: https://tanzu.vmware.com/content/blog/devops-vs-devsecops?utm_campaign=devrel&utm_source=cote&utm_content=IsDevSecO