A practical take on Software Supply Chain Security

Mike Vainio • 1 minutes • 2024-06-19

A practical take on Software Supply Chain Security

A talk at DevOps Finland on the SLSA framework, SBOM (Software Bill of Materials) and the current state of software supply chain security in general.

Abstract#

A practical take on the SLSA framework, SBOM (Software Bill of Materials) and the current state of software supply chain security in general. Instead of a deep dive, this talk focused on why should you care about supply chain security and what concrete steps can be taken to improve your security posture.

What’s covered?#

  • Current state of software supply chain security
  • SBOM (Software Bill of Materials)
  • SLSA framework (Supply-chain Levels for Software Artifacts)
  • Example of Provenance and Signing with GitHub Actions


Oops! Your browser does not support PDFs. Download the slides instead.

Download presentation.

DevOps Finland meetup

Software Supply Chain Best Practices by CNCF

9th Annual State of the Software Supply Chain by Sonatype

Supply Chain Threats, SLSA

SLSA Provenance, SLSA

Sigstore - signing, verification and provenance checks

Google Cloud Build Build Provenance

GUAC


If you need help optimising your software development and continuous delivery processes, don’t hesitate to get in contact with us!



Comments


Read similar posts

Event

2024-06-19

1 minutes

A practical take on Software Supply Chain Security

A talk at DevOps Finland on the SLSA framework, SBOM (Software Bill of Materials) and the current state of software supply chain security in general.

Blog

2024-01-24

13 minutes

How to secure Terraform code with Trivy

Learn how Trivy can be used to secure your Terraform code and integrated into your development workflow.

Sign up for our monthly newsletter.

By submitting this form you agree to our Privacy Policy