DevOps and Docker Talk: Cloud Native Interviews and Tooling

Software Supply Chain Security with Chainguard

Listen Later

🙌 My next course is coming soon! I've opened the waitlist for those wanting to go deep in GitHub Actions for DevOps and AI automation in 2025. I'm so thrilled to announce this course. The waitlist allows you to quickly sign up for some content updates, discounts, and more as I finish building the course. https://learn.bretfisher.com/waitlistđŸŸ


Bret is joined by two Chainguard co-founders, CEO Dan Lorenc and Head of Product, Kim Lewandowski, to break down the ins and outs of supply chain security and talk about Chainguard's approach to securing it. We dive into tools, including their new Wolfi Linux distro.

We first talk about what that even is, because it's a buzzword right now, and not everyone's on the same page on what securing your supply chain even means in the world of software. Then we jump into base images for containers, and their project Wolfi. We talk a lot about Wolfi in this episode, because it has the potential to change how we build our containers.

Streamed live on YouTube on October 13, 2022.


Unedited live recording of this show on YouTube (Ep #188)

★Topics★
Chainguard Website
Chainguard Twitter
Chainguard Academy
Wolfi
Wolfi-based images
Sigstore

★Dan Lorenc★
Dan Lorenc on Twitter
Dan Lorenc on Linkedin

★Kim Lewandowski★
Kim Lewandowski on Twitter
Kim Lewandowski on Linkedin

★Join my Community★
New live course on CI automation and gitops deployments
Best coupons for my Docker and Kubernetes courses
Chat with us and fellow students on our Discord Server DevOps Fans

Homepage bretfisher.com

  • (00:00) - DDT MAIN
  • (00:04) - Intro
  • (02:31) - Custom intro
  • (04:28) - Main show
  • (04:41) - Introductions
  • (05:01) - How did Chainguard get started?
  • (06:00) - What is a supply chain?
  • (08:07) - First Security Things
  • (10:32) - The article and the base image
  • (13:39) - Wolfi elevator pitch
  • (16:26) - How do packages get into Wolfi?
  • (20:26) - How do Wolfi packages work
  • (23:34) - Chainguard Enforce
  • (28:20) - Question about in-toto
  • (30:45) - Preventing unsigned images in production
  • (32:21) - Blocking vulnerable dependencies with policies
  • (33:16) - Scanning on servers
  • (35:39) - Question
  • (37:30) - Question
  • (39:27) - Getting started with Wolfi
  • (41:34) - Where are they on Github (demo?)
  • (42:27) - Question about vex
  • (44:50) - What else?
  • (45:17) - Chainguard Academy
  • (47:01) - Professional services
  • (51:09) - Wrapping up
  • (51:33) - Outro

    • You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!

    Grab the best coupons for my Docker and Kubernetes courses.
    Join my cloud native DevOps community on Discord.
    Grab some merch at Bret's Loot Box
    Homepage bretfisher.com

    ...more
    View all episodesView all episodes
    Download on the App Store
    DevOps and Docker Talk: Cloud Native Interviews and ToolingBy Bret Fisher
    • 4.6
    • 4.6
    • 4.6
    • 4.6
    • 4.6

    4.6

    54 ratings

    More shows like DevOps and Docker Talk: Cloud Native Interviews and Tooling

    View all
    The Knowledge Project by Shane Parrish

    The Knowledge Project

    2,688 Listeners

    6 Minute English by BBC Radio

    6 Minute English

    1,757 Listeners

    Learning English Conversations by BBC Radio

    Learning English Conversations

    1,038 Listeners

    The Diary Of A CEO with Steven Bartlett by DOAC

    The Diary Of A CEO with Steven Bartlett

    8,618 Listeners

    Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

    Kubernetes Podcast from Google

    181 Listeners

    Day Two DevOps by Packet Pushers

    Day Two DevOps

    15 Listeners

    DevOps Paradox by Darin Pope & Viktor Farcic

    DevOps Paradox

    25 Listeners

    Adventures in DevOps by Will Button, Warren Parad

    Adventures in DevOps

    18 Listeners

    Think Fast Talk Smart: Communication Techniques by Matt Abrahams, Think Fast Talk Smart

    Think Fast Talk Smart: Communication Techniques

    798 Listeners

    All-In with Chamath, Jason, Sacks & Friedberg by All-In Podcast, LLC

    All-In with Chamath, Jason, Sacks & Friedberg

    9,935 Listeners

    Coaching Real Leaders by Harvard Business Review / Muriel Wilkins

    Coaching Real Leaders

    676 Listeners

    The Ezra Klein Show by New York Times Opinion

    The Ezra Klein Show

    15,948 Listeners

    The Foreign Affairs Interview by Foreign Affairs Magazine

    The Foreign Affairs Interview

    445 Listeners

    The Rest Is Politics: US by Goalhanger

    The Rest Is Politics: US

    2,204 Listeners

    Agentic DevOps by Bret Fisher

    Agentic DevOps

    2 Listeners