Software Supply Chain Security with Chainguard

🙌 My next course is coming soon! I've opened the waitlist for those wanting to go deep in GitHub Actions for DevOps and AI automation in 2025. I'm so thrilled to announce this course. The waitlist allows you to quickly sign up for some content updates, discounts, and more as I finish building the course. https://learn.bretfisher.com/waitlist🍾Bret is joined by two Chainguard co-founders, CEO Dan Lorenc and Head of Product, Kim Lewandowski, to break down the ins and outs of supply chain security and talk about Chainguard's approach to securing it. We dive into tools, including their new Wolfi Linux distro.We first talk about what that even is, because it's a buzzword right now, and not everyone's on the same page on what securing your supply chain even means in the world of software. Then we jump into base images for containers, and their project Wolfi. We talk a lot about Wolfi in this episode, because it has the potential to change how we build our containers.Streamed live on YouTube on October 13, 2022.Unedited live recording of this show on YouTube (Ep #188)★Topics★Chainguard WebsiteChainguard TwitterChainguard AcademyWolfiWolfi-based imagesSigstore★Dan Lorenc★Dan Lorenc on TwitterDan Lorenc on Linkedin★Kim Lewandowski★Kim Lewandowski on TwitterKim Lewandowski on Linkedin★Join my Community★New live course on CI automation and gitops deploymentsBest coupons for my Docker and Kubernetes coursesChat with us and fellow students on our Discord Server DevOps FansHomepage bretfisher.com (00:00) - DDT MAIN (00:04) - Intro (02:31) - Custom intro (04:28) - Main show (04:41) - Introductions (05:01) - How did Chainguard get started? (06:00) - What is a supply chain? (08:07) - First Security Things (10:32) - The article and the base image (13:39) - Wolfi elevator pitch (16:26) - How do packages get into Wolfi? (20:26) - How do Wolfi packages work (23:34) - Chainguard Enforce (28:20) - Question about in-toto (30:45) - Preventing unsigned images in production (32:21) - Blocking vulnerable dependencies with policies (33:16) - Scanning on servers (35:39) - Question (37:30) - Question (39:27) - Getting started with Wolfi (41:34) - Where are they on Github (demo?) (42:27) - Question about vex (44:50) - What else? (45:17) - Chainguard Academy (47:01) - Professional services (51:09) - Wrapping up (51:33) - Outro You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!Grab the best coupons for my Docker and Kubernetes courses.Join my cloud native DevOps community on Discord.Grab some merch at Bret's Loot BoxHomepage bretfisher.com

There are no comments yet.

Please log in to write the first comment.