Recent compromises of Codecov and Solar Winds have put a spotlight on software supply chain attacks, but this focus has led to new innovations for solving an old problem. In this talk, we'll discuss lessons that Shopify has learned in protecting millions of businesses and demonstrate these techniques using open source software. We'll look at how traditional defensive techniques can be applied in the cloud, how voucher and grafeas implementations can give you control over the software that runs in your clusters, and how the SLSA framework can guide you toward establishing trust in your software. We'll also look at how Falco can be used to detect malicious behaviour or indicators that your supply chain has been compromised. Attendees can expect to learn how to apply specific techniques for mitigating supply chain attacks.
Click here to view captioning/translation in the MeetingPlay platform!
