A practical take on Software Supply Chain Security

Posted on Jun 19, 2024
By Mike Vainio

A talk at DevOps Finland on the SLSA framework, SBOM (Software Bill of Materials) and the current state of software supply chain security in general.

Abstract

A practical take on the SLSA framework, SBOM (Software Bill of Materials) and the current state of software supply chain security in general. Instead of a deep dive, this talk focused on why you should care about supply chain security and what concrete steps can be taken to improve your security posture.

What’s covered?

  • Current state of software supply chain security
  • SBOM (Software Bill of Materials)
  • SLSA framework (Supply-chain Levels for Software Artifacts)
  • Example of Provenance and Signing with GitHub Actions

Download presentation.

Links and references

  • DevOps Finland meetup
  • Software Supply Chain Best Practices by CNCF
  • 9th Annual State of the Software Supply Chain by Sonatype
  • Supply Chain Threats, SLSA
  • SLSA Provenance, SLSA
  • Sigstore - signing, verification and provenance checks
  • Google Cloud Build Build Provenance
  • GUAC


If you need help optimising your software development and continuous delivery processes, don’t hesitate to get in contact with us!