September 13-16, 2022
Dublin, Ireland + Virtual
Tuesday, September 13 • 09:00 - 09:40
From Kubernetes With ♥ Open Tools For Open, Secure Supply Chains - Adolfo García Veytia, Chainguard

For the past two years, the Kubernetes Release Engineering Team (a subproject of SIG Release) has been hard at work hardening the Kubernetes supply chain, aiming to make it SLSA Level 3 compliant by the time Kubernetes 1.25 is released. The road to level 3 has produced a complete suite of open source projects that constitute the fundamental building blocks of a secure supply chain. And now, other projects and companies can leverage the Kubernetes release toolset to secure their chains!

Guided by the CNCF Security TAG Best Practices whitepaper, the Release Engineering team built a set of tools that allow anyone to:

- Build and publish SBOMs (Software Bills of Materials)
- Securely release staged images and artifacts
- Sign and verify container images and binaries, leveraging Sigstore's transparency log, CA, and public infrastructure
- Generate SLSA attestations of each step in a release pipeline

All release tooling was designed from the get-go to be completely general-purpose, and the talk will feature how other projects beyond K8s itself are using them in their releases. To finish the talk, Adolfo will demo a reference implementation of a SLSA-compliant pipeline using the K8s Release Engineering tools, which any project can use to build its release process.

Speakers
Adolfo García Veytia

Staff OSS Engineer, Chainguard
Adolfo García Veytia (@puerco) is a software engineer with Chainguard, Inc. He is one of the Kubernetes SIG Release Technical Leads, actively working on the Release Engineering team. He specializes in improvements to the software that drives the automation behind the Kubernetes...


Tuesday September 13, 2022 09:00 - 09:40 IST
Liffey B Part 2 (Level 1)