SLSA and GUAC: A Tasty Combination for Supply Chain Security featuring Waypoint скачать в хорошем качестве

SLSA and GUAC: A Tasty Combination for Supply Chain Security featuring Waypoint

Supply chain attacks are an increasing security concern for organizations and developers who use third party software and build systems. In order to mitigate the risks of supply chain attacks, Supply chain Levels for Software Artifacts, or SLSA (salsa) was created in order to help improve the security of software solutions. A great pairing with SLSA - known as GUAC can help to bring together many sources of software security metadata to enhance security throughout the SDLC. In this talk, we will implement SLSA and GUAC in a CI/CD system using Waypoint. This demonstration will show how to utilize supply chain security with containerized applications that can run on Kubernetes. We will go through a source to deployment scenario that utilizes SLSA and GUAC to attest to a high level of software security throughout the process. Speaker: Eric Evans Github: https://github.com/eric-gonzales Twitter:   / egonzalesevans   Subscribe to our YouTube Channel → https://www.youtube.com/c/HashiCorp?s... For hands-on interactive labs, visit HashiCorp Learn → https://learn.hashicorp.com/ HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp open source tools Vagrant, Packer, Terraform, Vault, Consul, Nomad, Boundary, and Waypoint allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. For more information → https://hashicorp.com Twitter →   / hashicorp   LinkedIn →   / hashicorp   Facebook →   / hashicorp