Loading…
October 24 - 25, 2022 | Detroit, Michigan
View More Details | Registration Information

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2022 - Detroit, MI + Virtual and add this Co-Located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Eastern Daylight Time (EDT), UTC -4. To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

The schedule is subject to change.
Back To Schedule
Tuesday, October 25 • 3:40pm - 4:10pm
See It to Believe It: Bringing Observability to Otherwise Opaque Container Builds - Parth Patel, Kusari & Shripad Nadgowda, Intel

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.
Container build is arguably one of the most security sensitive operations in the whole application supply chain spectrum, which has largely remained opaque to date. It is typically implemented as a multi-stage process in the Continuous Integration (CI) pipeline that includes cloning the source code, resolving and downloading dependencies, compiling and packaging applications and finally publishing the built artifacts. To establish trust in the final built artifact, it is not sufficient to ensure security guarantees around just the built artifact, but it is critical to provide provenance and integrity assurance for every action in the pipeline that went into building that artifact. While tools, such as Tekton Chains, provide visibility into the steps that were performed and components that were used during the build process, we are still missing the lower level syscalls that were made. In this presentation, Parth and Shripad will present an open framework using tetragon to bring out-of-band runtime visibility and provide automated attestation for tekton based CI pipeline.
Speakers
avatar for Parth Patel

Parth Patel

Co-Founder, Kusari
Solutions Architect with 15+ years of CyberSecurity, DevOps, Software Development and Automation experience. He is an active member in the open source community contributing/path-finding on various projects. Maintainer on the OpenSSF project GUAC (Graph for Understanding Artifact... Read More →
avatar for Shripad Nadgowda

Shripad Nadgowda

Software Architect, Intel
Shripad is a Cloud Software Architect at Intel. He is currently leading multiple initiatives around software supply chain security, especially in the area of operationalization and management of SBOM , CICD pipeline security and provenance readiness. He is also actively engaged in... Read More →

Runtime Attest CNSecurityCon'22 v3.pptx pdf
Tuesday October 25, 2022 3:40pm - 4:10pm EDT
Room 321 Huntington Place: 1 Washington Blvd, Detroit, MI 48226
  Sessions, Track 2