In-person + Virtual
16 -20 May
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Summer Time (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Back To Schedule
Thursday, May 19 • 16:30 - 17:05
Securing Your Container Native Supply Chain with SLSA, Github and Tekton - Laurent Simon, Google & Priya Wadhwa, Chainguard

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

Supply chain security has been a huge topic of discussion in recent months, and protecting your supply chain has become more important than ever. In this talk, Laurent Simon and Priya Wadhwa will discuss how to practically apply the principles of SLSA to secure your container native build system. They’ll start by covering how to use the in-toto project to create and verify source code attestations. They’ll also do a step-by-step demo of achieving SLSA Level 2 in common build systems like Tekton and Github Actions. If you’ve been wanting to secure your supply chain, but haven’t known where to start, then this talk is for you! Priya has given a related talk at SupplyChainSecurityCon on integrating Sigstore with Tekton. That talk focused on the theoretical integration, and this talk will practically show users how to secure an existing Tekton instance. This talk will also cover other build systems (e.g. Github Actions) which users may be using as part of their cloud native deployments.

Click here to view captioning/translation in the MeetingPlay platform!

avatar for Priya Wadhwa

Priya Wadhwa

Software Engineer, Chainguard
Priya Wadhwa is a software engineer at Chainguard, where she works on a variety of open source projects with the goal of improving software supply chain security. She is a member of the Sigstore TSC and a maintainer of the Tekton Chains project. She's passionate about making security... Read More →
avatar for Laurent Simon

Laurent Simon

Engineer, Google
Laurent is a security engineer in the Open Source Security Team (GOSST) at Google. His team works in collaboration with the open-source community and the OpenSSF on novel security solutions, such as Scorecards, Allstar, Sigstore, SLSA, OSS-Fuzz, OSV, etc.

Thursday May 19, 2022 16:30 - 17:05 CEST
Viewable In Platform Feria Valencia