The Golden Path to SpringOne

Expert talks on the tools and processes devs need to know

It Takes Two to SLSA: Sigstore and Tekton to Secure Your Supply Chain

Watch on Twitch
Watch on YouTube
11:00 AM PST on Thursday, Feb 02, 2023

It Takes Two to SLSA: Sigstore and Tekton to Secure Your Supply Chain

It Takes Two to SLSA: Sigstore and Tekton to Secure Your Supply Chain

Feb 2, 2023

In this episode

Add to calendar

Securing the software supply chain is becoming increasingly critical not only to prevent cyber threats, but also to comply with the executive order from The White House. DevOps teams need to make it possible to verify provenance of artifacts along the entire pipeline.

In this session, we’ll provide an overview of SLSA and Sigstore. SLSA is a security framework for safeguarding artifact integrity across any software supply chain. And Sigstore helps automate how you digitally sign and check components to help establish provenance.

The audience will learn how to use Sigstore and Tekton to implement SLSA compliance. We’ll demonstrate usage of these tools in a reference CI/CD pipeline for Kubernetes applications.

Guests

Abhinav Rau

Abhinav Rau

Abhinav Rau is a Principal Architect at Google Cloud helping Financial Services companies adopt Cloud Native Development practices. He believes adopting a culture of collaboration exhibited by the to Open Source community can accelerate software development while creating lasting business value.He has presented at SpringOne and hosted several webinars on CI/CD, Kubernetes and GitOps. Before Google, he was at VMware, Pivotal, Wells Fargo and several startups. He contributes to several Open source projects and is a speaker at his home town Charlotte’s Java User Group. Abhinav has several GCP certifications, a Master’s Degree in Computer Science from LSU and a Masters in Science in Information Systems from BITS, Pilani India.

Madhav Sathe

Madhav Sathe

Madhav helps major enterprises unlock innovation using even-driven applications, edge & hybrid cloud, Kubernetes and DevOps. Madhav has been a speaker at conferences such as SpringOne, Cloud Foundry Summit and Oracle OpenWorld. He has co-authored a white paper on container security. Madhav currently works as an Application Modernization specialist at Google Cloud.

Hosts

DaShaun Carter

DaShaun Carter

DaShaun is a husband, father of four, volunteer, struggling athlete and Spring Developer Advocate at VMware Tanzu. Deliberately practicing to build, manage, and run, better software, faster.