Sign up to save your podcasts
Or
Share Software Signing for Kubernetes Supply Chain & Everybody Else
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Software Signing for Kubernetes Supply Chain & Everybody Else
In this episode of the Virtual Coffee with Ashish edition, we spoke with Luke Hinds (Luke's Twitter) the open source Sigstore project and how it is helping with software signing and protecting the software supply chain
Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Twitter: Luke Hinds (Luke's Twitter)
Podcast Twitter - @CloudSecPod @CloudSecureNews
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security News
- Cloud Security Academy
Spotify TimeStamp for Interview Questions
(00:00) Ashish's Intro to the Episode
(01:39) https://snyk.io/csp
(05:21) What is the software supply chain and why is it important?
(08:20) Common supply chain attacks in Kubernetes
(09:53) Codecov attack
(11:14 )Kubernetes and API
(14:10) Vulnerability scanning tools
(16:38) Explaining the importance of supply chain security
(19:19) What is a signing service
(19:56 )The SLSA framework
(20:42) Importance of signing service
(23:35) What is Sigstore?
(27:57) What is Lets Encrypt
(31:48) The aim of sigstore
(34:39) What is Co-Sign
(36:40) Co-Signing and non-repudiation
(46:29) Where to start
View all episodes
By Cloud Security Podcast Team
5
5656 ratings
In this episode of the Virtual Coffee with Ashish edition, we spoke with Luke Hinds (Luke's Twitter) the open source Sigstore project and how it is helping with software signing and protecting the software supply chain
Episode ShowNotes, Links and Transcript on Cloud Security Podcast: www.cloudsecuritypodcast.tv
Host Twitter: Ashish Rajan (@hashishrajan)
Guest Twitter: Luke Hinds (Luke's Twitter)
Podcast Twitter - @CloudSecPod @CloudSecureNews
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
- Cloud Security News
- Cloud Security Academy
Spotify TimeStamp for Interview Questions
(00:00) Ashish's Intro to the Episode
(01:39) https://snyk.io/csp
(05:21) What is the software supply chain and why is it important?
(08:20) Common supply chain attacks in Kubernetes
(09:53) Codecov attack
(11:14 )Kubernetes and API
(14:10) Vulnerability scanning tools
(16:38) Explaining the importance of supply chain security
(19:19) What is a signing service
(19:56 )The SLSA framework
(20:42) Importance of signing service
(23:35) What is Sigstore?
(27:57) What is Lets Encrypt
(31:48) The aim of sigstore
(34:39) What is Co-Sign
(36:40) Co-Signing and non-repudiation
(46:29) Where to start
More shows like Cloud Security Podcast
View all
Risky Business
365 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
626 Listeners
The Cloudcast
152 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
CyberWire Daily
1,009 Listeners
AWS Podcast
202 Listeners
Darknet Diaries
7,879 Listeners
Cybersecurity Today
166 Listeners
Kubernetes Podcast from Google
181 Listeners
CISO Series Podcast
189 Listeners
Practical AI
192 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
127 Listeners
Cloud Security Podcast by Google
38 Listeners
Risky Bulletin
43 Listeners