In-person + Virtual
October 24-28
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Eastern Daylight Time (UTC -4). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Wednesday, October 26 • 5:25pm - 6:00pm
SLSA FRSCA Recipe For Secure Supply Chain - Parth Patel & Michael Lieberman, Kusari

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

There are multiple tools out in the ecosystem trying to deal with parts of the software supply chain threat but what does an end-to-end solution look like? The OpenSSF - FRSCA is an implementation of the CNCF best practices that aims to protect the build system, secure ingestion and enforce policy in the production environment to minimize the attack vectors associated with software supply chain. With the integration of Tekton Pipelines/Chains, Sigstore, SPIFFE/SPIRE, and Kyverno, we can create a holistic approach that can meet SLSA Level 3 from beginning to end. Utilizing CUE, admission controller and short-lived certificates, we can cryptographically and based on policy protect the cluster. Building off binary authorization, FRSCA can validate the signature and attestation to authorize until the next release cycle. FRSCA aims to be an implementable architecture that the open source community and end-user organizations can utilize to ingest and produce SLSA compliant artifacts.

avatar for Michael Lieberman

Michael Lieberman

Co-founder and CTO, Kusari
Michael Lieberman is co-founder and CTO of Kusari where he helps build transparency and security in the software supply chain. Michael is an active member of the open-source community, co-creating the GUAC and FRSCA projects and co-leading the CNCF’s Secure Software Factory Reference... Read More →
avatar for Parth Patel

Parth Patel

Co-Founder, Kusari
Solutions Architect with 10+ years of CyberSecurity, DevOps, Software Development and Automation experience. Parth has successfully led multiple consulting and development projects in various industries (regulated and commercial) for modernization/migration, cloud adoption and secure... Read More →

Wednesday October 26, 2022 5:25pm - 6:00pm EDT
420 AB
  Security + Identity + Policy