DevOps and Docker Talk: Cloud Native Interviews and Tooling

Software Supply Chain Security with Chainguard

Listen Later

🙌 My next course is coming soon! I've opened the waitlist for those wanting to go deep in GitHub Actions for DevOps and AI automation in 2025. I'm so thrilled to announce this course. The waitlist allows you to quickly sign up for some content updates, discounts, and more as I finish building the course.
https://courses.bretfisher.com/waitlist đŸŸ


Bret is joined by two Chainguard co-founders, CEO Dan Lorenc and Head of Product, Kim Lewandowski, to break down the ins and outs of supply chain security and talk about Chainguard's approach to securing it. We dive into tools, including their new Wolfi Linux distro.

We first talk about what that even is, because it's a buzzword right now, and not everyone's on the same page on what securing your supply chain even means in the world of software. Then we jump into base images for containers, and their project Wolfi. We talk a lot about Wolfi in this episode, because it has the potential to change how we build our containers.

Streamed live on YouTube on October 13, 2022.


Unedited live recording of this show on YouTube (Ep #188)

★Topics★
Chainguard Website
Chainguard Twitter
Chainguard Academy
Wolfi
Wolfi-based images
Sigstore

★Dan Lorenc★
Dan Lorenc on Twitter
Dan Lorenc on Linkedin

★Kim Lewandowski★
Kim Lewandowski on Twitter
Kim Lewandowski on Linkedin

★Join my Community★
New live course on CI automation and gitops deployments
Best coupons for my Docker and Kubernetes courses
Chat with us and fellow students on our Discord Server DevOps Fans

Homepage bretfisher.com

  • (00:00) - DDT MAIN
  • (00:04) - Intro
  • (02:31) - Custom intro
  • (04:28) - Main show
  • (04:41) - Introductions
  • (05:01) - How did Chainguard get started?
  • (06:00) - What is a supply chain?
  • (08:07) - First Security Things
  • (10:32) - The article and the base image
  • (13:39) - Wolfi elevator pitch
  • (16:26) - How do packages get into Wolfi?
  • (20:26) - How do Wolfi packages work
  • (23:34) - Chainguard Enforce
  • (28:20) - Question about in-toto
  • (30:45) - Preventing unsigned images in production
  • (32:21) - Blocking vulnerable dependencies with policies
  • (33:16) - Scanning on servers
  • (35:39) - Question
  • (37:30) - Question
  • (39:27) - Getting started with Wolfi
  • (41:34) - Where are they on Github (demo?)
  • (42:27) - Question about vex
  • (44:50) - What else?
  • (45:17) - Chainguard Academy
  • (47:01) - Professional services
  • (51:09) - Wrapping up
  • (51:33) - Outro

    • You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!

    Grab the best coupons for my Docker and Kubernetes courses.
    Join my cloud native DevOps community on Discord.
    Grab some merch at Bret's Loot Box
    Homepage bretfisher.com

    ...more
    View all episodesView all episodes
    Download on the App Store
    DevOps and Docker Talk: Cloud Native Interviews and ToolingBy Bret Fisher
    • 4.6
    • 4.6
    • 4.6
    • 4.6
    • 4.6

    4.6

    53 ratings

    More shows like DevOps and Docker Talk: Cloud Native Interviews and Tooling

    View all
    .NET Rocks! by Carl Franklin and Richard Campbell

    .NET Rocks!

    244 Listeners

    The Changelog: Software Development, Open Source by Changelog Media

    The Changelog: Software Development, Open Source

    288 Listeners

    The Cloudcast by Massive Studios

    The Cloudcast

    156 Listeners

    LINUX Unplugged by Jupiter Broadcasting

    LINUX Unplugged

    267 Listeners

    Thoughtworks Technology Podcast by Thoughtworks

    Thoughtworks Technology Podcast

    42 Listeners

    Talk Python To Me by Michael Kennedy

    Talk Python To Me

    585 Listeners

    Software Engineering Daily by Software Engineering Daily

    Software Engineering Daily

    625 Listeners

    Soft Skills Engineering by Jamison Dance and Dave Smith

    Soft Skills Engineering

    284 Listeners

    AWS Podcast by Amazon Web Services

    AWS Podcast

    205 Listeners

    Late Night Linux by The Late Night Linux Family

    Late Night Linux

    164 Listeners

    Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

    Syntax - Tasty Web Development Treats

    983 Listeners

    Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

    Kubernetes Podcast from Google

    182 Listeners

    The Stack Overflow Podcast by The Stack Overflow Podcast

    The Stack Overflow Podcast

    62 Listeners

    The Real Python Podcast by Real Python

    The Real Python Podcast

    140 Listeners

    Last Week in AI by Skynet Today

    Last Week in AI

    302 Listeners

    Agentic DevOps by Bret Fisher

    Agentic DevOps

    2 Listeners