In-person + Virtual
16 -20 May
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Summer Time (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Thursday, May 19 • 14:30 - 15:05
Make the Secure Kubernetes Supply Chain Work for You - Adolfo García Veytia, Chainguard

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

Starting in Kubernetes 1.22, SIG Release started building new security features into Kubernetes releases to make the project a better citizen in the software supply chain. The push to secure the release process has produced tools and processes that have improved the way other projects in the ecosystem are released. At the same time, we have made sure that Kubernetes plays well in the wider chain: verifying what we get from upstream and making sure consumers of our artifacts can trust what they get from us. This talk will give an overview of lessons learned and tools we have created that you can reuse in your own projects to secure your releases. It will center around three key moments and technologies: The initial effort involved producing SBOMs to describe sources and artifacts along with their dependencies. Then, we'll understand the provenance attestations that make the release process SLSA compliant. Finally, we'll see how digital signatures are implemented in the project.

Click here to view captioning/translation in the MeetingPlay platform!

avatar for Adolfo García Veytia

Adolfo García Veytia

Staff Software Engineer, Stacklok
Adolfo García Veytia (@puerco) is a staff software engineer with Stacklok. He is one of the Kubernetes SIG Release Technical Leads. He specializes in improvements to the software that drives the automation behind the Kubernetes release process. He is also the creator of the OpenVEX... Read More →

Thursday May 19, 2022 14:30 - 15:05 CEST
Auditorium 1A | Event Center Feria Valencia