Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
Software Signing for Kubernetes Supply Chain & Everybody Else
Manage episode 344320947 series 2853525
In this episode of the Virtual Coffee with Ashish edition, we spoke with Luke Hinds (Luke's Twitter) the open source Sigstore project and how it is helping with software signing and protecting the software supply chain
Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Twitter: Luke Hinds (Luke's Twitter)
Podcast Twitter - @CloudSecPod @CloudSecureNews
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
Spotify TimeStamp for Interview Questions
(00:00) Ashish's Intro to the Episode
(01:39) https://snyk.io/csp
(05:21) What is the software supply chain and why is it important?
(08:20) Common supply chain attacks in Kubernetes
(09:53) Codecov attack
(11:14 )Kubernetes and API
(14:10) Vulnerability scanning tools
(16:38) Explaining the importance of supply chain security
(19:19) What is a signing service
(19:56 )The SLSA framework
(20:42) Importance of signing service
(23:35) What is Sigstore?
(27:57) What is Lets Encrypt
(31:48) The aim of sigstore
(34:39) What is Co-Sign
(36:40) Co-Signing and non-repudiation
(46:29) Where to start
259 tập
Manage episode 344320947 series 2853525
In this episode of the Virtual Coffee with Ashish edition, we spoke with Luke Hinds (Luke's Twitter) the open source Sigstore project and how it is helping with software signing and protecting the software supply chain
Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Twitter: Luke Hinds (Luke's Twitter)
Podcast Twitter - @CloudSecPod @CloudSecureNews
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
Spotify TimeStamp for Interview Questions
(00:00) Ashish's Intro to the Episode
(01:39) https://snyk.io/csp
(05:21) What is the software supply chain and why is it important?
(08:20) Common supply chain attacks in Kubernetes
(09:53) Codecov attack
(11:14 )Kubernetes and API
(14:10) Vulnerability scanning tools
(16:38) Explaining the importance of supply chain security
(19:19) What is a signing service
(19:56 )The SLSA framework
(20:42) Importance of signing service
(23:35) What is Sigstore?
(27:57) What is Lets Encrypt
(31:48) The aim of sigstore
(34:39) What is Co-Sign
(36:40) Co-Signing and non-repudiation
(46:29) Where to start
259 tập
Tất cả các tập
×Chào mừng bạn đến với Player FM!
Player FM đang quét trang web để tìm các podcast chất lượng cao cho bạn thưởng thức ngay bây giờ. Đây là ứng dụng podcast tốt nhất và hoạt động trên Android, iPhone và web. Đăng ký để đồng bộ các theo dõi trên tất cả thiết bị.