DevOps and Docker Talk: Cloud Native Interviews and Tooling

Software Supply Chain Security with Chainguard

Listen Later

šŸ™Œ The Agentic DevOps Guild has launched! It's a training + community + mentorship program for engineers wanting to learn the latest CI/CD automation and dive into Agentic DevOps. Meetups are happening now, with new course videos dropping every few weeks. Join the Guild and become your team's leader in AI for infrastructure automation https://www.bretfisher.com/theguild šŸ¾


Bret is joined by two Chainguard co-founders, CEO Dan Lorenc and Head of Product, Kim Lewandowski, to break down the ins and outs of supply chain security and talk about Chainguard's approach to securing it. We dive into tools, including their new Wolfi Linux distro.

We first talk about what that even is, because it's a buzzword right now, and not everyone's on the same page on what securing your supply chain even means in the world of software. Then we jump into base images for containers, and their project Wolfi. We talk a lot about Wolfi in this episode, because it has the potential to change how we build our containers.

Streamed live on YouTube on October 13, 2022.


Unedited live recording of this show on YouTube (Ep #188)

ā˜…Topicsā˜…
Chainguard Website
Chainguard Twitter
Chainguard Academy
Wolfi
Wolfi-based images
Sigstore

ā˜…Dan Lorencā˜…
Dan Lorenc on Twitter
Dan Lorenc on Linkedin

ā˜…Kim Lewandowskiā˜…
Kim Lewandowski on Twitter
Kim Lewandowski on Linkedin

ā˜…Join my Communityā˜…
New live course on CI automation and gitops deployments
Best coupons for my Docker and Kubernetes courses
Chat with us and fellow students on our Discord Server DevOps Fans

Homepage bretfisher.com

  • (00:00) - DDT MAIN
  • (00:04) - Intro
  • (03:11) - Custom intro
  • (05:08) - Main show
  • (05:21) - Introductions
  • (05:41) - How did Chainguard get started?
  • (06:40) - What is a supply chain?
  • (08:47) - First Security Things
  • (11:12) - The article and the base image
  • (14:19) - Wolfi elevator pitch
  • (17:06) - How do packages get into Wolfi?
  • (21:06) - How do Wolfi packages work
  • (24:14) - Chainguard Enforce
  • (29:00) - Question about in-toto
  • (31:25) - Preventing unsigned images in production
  • (33:01) - Blocking vulnerable dependencies with policies
  • (33:56) - Scanning on servers
  • (36:19) - Question
  • (38:10) - Question
  • (40:07) - Getting started with Wolfi
  • (42:14) - Where are they on Github (demo?)
  • (43:07) - Question about vex
  • (45:30) - What else?
  • (45:57) - Chainguard Academy
  • (47:41) - Professional services
  • (51:49) - Wrapping up
  • (52:13) - Outro

    • You can also support this podcast by subscribing to my YouTube channel and my weekly newsletter at bret.news!

    Grab the best coupons for my Docker and Kubernetes courses.
    Join my cloud native DevOps community on Discord.
    Grab some merch at Bret's Loot Box
    Homepage bretfisher.com

    ...more
    View all episodesView all episodes
    Download on the App Store
    DevOps and Docker Talk: Cloud Native Interviews and ToolingBy Bret Fisher
    • 4.6
    • 4.6
    • 4.6
    • 4.6
    • 4.6

    4.6

    54 ratings

    More shows like DevOps and Docker Talk: Cloud Native Interviews and Tooling

    View all
    The Joe Rogan Experience by Joe Rogan

    The Joe Rogan Experience

    229,697 Listeners

    All Ears English Podcast by Lindsay McMahon and Michelle Kaplan

    All Ears English Podcast

    2,264 Listeners

    The Daily by The New York Times

    The Daily

    113,307 Listeners

    Agentic DevOps by Bret Fisher

    Agentic DevOps

    2 Listeners