It Takes Two to SLSA: Sigstore and Tekton to Secure Your Supply Chain
Securing the software supply chain is becoming increasingly critical, not only to prevent cyber threats but also to comply with the executive order from the White House. DevOps teams need to make it possible to verify the provenance of artifacts along the entire pipeline. In this session, Madhav Sathe and Abinav Rau provide an overview of SLSA and Sigstore. SLSA is a security framework for safeguarding artifact integrity across any software supply chain, and Sigstore helps automate how you digitally sign and verify components to establish provenance. The audience will learn how to use Sigstore and Tekton to implement SLSA compliance. We’ll demonstrate the use of these tools in a reference CI/CD pipeline for Kubernetes applications.