Featured » Videos » The Golden Path to SpringOne: It Takes Two to SLSA: Sigstore and Tekton to Secure Your Supply Chain

× Share this Video

Facebook
Twitter
Email
LinkedIn

The Golden Path to SpringOne: It Takes Two to SLSA: Sigstore and Tekton to Secure Your Supply Chain

January 31, 2023

Share this Video
Facebook
Twitter
Email
LinkedIn

https://tanzu.vmware.com/developer/tv/golden-path/2/ Securing the software supply chain is becoming increasingly critical not only to prevent cyber threats, but also to comply with the executive order from The White House. DevOps teams need to make it possible to verify provenance of artifacts along the entire pipeline. In this session, we’ll provide an overview of SLSA and Sigstore. SLSA is a security framework for safeguarding artifact integrity across any software supply chain. And Sigstore helps automate how you digitally sign and check components to help establish provenance. The audience will learn how to use Sigstore and Tekton to implement SLSA compliance. We’ll demonstrate usage of these tools in a reference CI/CD pipeline for Kubernetes applications.

GemFire Management Console Demo

In this video John Martin and Anthony Baker show how to use the the new GemFire Management Console. To fin...

Next Video

⚡️ Enlightning - What Is cdk8s?

cdk8s is a software development framework for defining Kubernetes applications and reusable abstractions us...

Why Tanzu

Paving the Road to Modern Apps

Tanzu Application Platform

Tanzu for Kubernetes Operations

Build apps

Modernize apps

Build your platform

Get started with VMware Tanzu

Developer Center

KubeAcademy

The Golden Path to SpringOne: It Takes Two to SLSA: Sigstore and Tekton to Secure Your Supply Chain

Previous

Next Video

The Golden Path to SpringOne: It Takes Two to SLSA: Sigstore and Tekton to Secure Your Supply Chain

Previous

Next Video

Related content in this Stream

Please join Nate Schutta and guest Layla Porter. Layla is a Developer Advocate at VMware serving the .NET community. She makes videos and livecodes on YouTube. She is a Microsoft MVP, a GitHub Star, P

kapp-controller is a part of the Carvel toolset. kapp-controller is a Kubernetes operator, which helps you build, deploy and manage your own applications in a GitOps methodology. It also helps package

with guests Lewis Denham-Parry & Zack Newman How do you know that the software you're running on your laptop or in production is actually the software you think you're running? Attackers may try to

https://tanzu.vmware.com/developer/tv/golden-path/15/ In the past year, Spring Cloud AWS has gone through a major refactoring, in many places even a complete rewrite: integration with modern AWS SD

Devfile is a specification that allows users to declaratively include the development environment information as part of their application. Devfiles can be used to automate and simplify the developmen

Please join Nate Schutta and guest Corneil du Plessis. Corneil is a Software Architect and Engineer with skin in the game focused on delivering systems that exceed the expectations of the customer and

https://tanzu.vmware.com/developer/tv/golden-path/18/ In this session, learn how to leverage proven patterns and open source software to rapidly build a robust portfolio of microservices that provi

https://tanzu.vmware.com/developer/tv/golden-path/17/ This story is about Kobalt Music Group, founded in 2000 in New York City, with founder Willard Ahdritz, a native of Sweden. Kobalt's initial bu

By now, Kubernetes has become the de-facto industry standard for container orchestration. But developing applications natively for K8s can be a real pain. Developers should be able to focus on buildin

What is VMware Tanzu? I get asked this question a lot and, you know, I try to explain it. If you want a really good explanation, you should check out a new book on the topic, _DevSecOps in Practice wi

How do you modernize mainframe applications? How do you even figure out which ones to pick, when to do them, discover what the apps do, and come up with the new architectures? In this episode, Coté ta

https://tanzu.vmware.com/developer/tv/golden-path/14/ GraalVM Native Image requires the reachability metadata to determine whether reflectively accessed parts of a program need to be included in th

Emissary-ingress is a self-service API Gateway that provides powerful and battle-tested ingress for small and enterprise-scale organizations that need to get external traffic into their Kubernetes clu

In this video Laura Marín demonstrates how to connect a non-Kubernetes application to a VMware GemFire cluster running in Kubernetes. This "off-platform" access is a new feature in version 2.2 and ma

https://tanzu.vmware.com/developer/tv/golden-path/13/ You may be working for a fast-moving startup where it's ok to drop features whenever you want. But the odds are that you work for an organizati

https://tanzu.vmware.com/developer/tv/golden-path/16/ Customers are looking forward to getting a new feature in our application. Developers implemented it and pushed the changes to Git. How can we

Kustomize is a Kubernetes-native configuration management tool that allows you to customize application manifests without the need for templates. It is integrated with kubectl and projects like Argo C

In the ever-changing world of application and software development, top developers always look for opportunities to stay on top of the latest trends and technologies to continue sharpening their skill

https://tanzu.vmware.com/developer/tv/golden-path/12/ Testcontainers libraries are a great way to create a reliable environment for running tests. It provides programmable, lightweight, and disposa

SchemaHero is a Kubernetes operator to define and manage database schemas, in a language agnostic and declarative way. Sometimes you don't know the current state of the database schema, or sometimes y