Overview
Explore how Tekton, an open-source Kubernetes-native CI/CD framework, implements supply chain security best practices to achieve SLSA Level 4 compliance in this 25-minute conference talk. Learn how Tekton Chains automatically captures TaskRun inputs, outputs, and metadata as signed in-toto attestations, generating SBOM and provenance data that satisfies the SLSA Level 2 requirement for documented, tamper-resistant build provenance. Discover Tekton's progression to higher SLSA levels through integration with cluster identities using SPIFFE/SPIRE and Sigstore keyless signing, which attaches short-lived workload certificates to attestations so that the provenance is non-falsifiable, meeting SLSA Level 3 controls. Examine Tekton's Hermetic Execution Mode (Hermekton), which runs build steps in air-gapped containers to ensure fully reproducible builds for the SLSA Level 4 hermeticity requirement. Understand how Tekton's Trusted Resources feature enables signing of Task and Pipeline definitions, with verification at runtime, to prevent unauthorized modifications to build logic. Gain insights from concrete examples and lessons learned from developing these security features for software supply chain protection.
Syllabus
Path to SLSA 4: How Tekton Secures the Software Supply Chain - Vibhav Bobade & Vincent Demeester
Taught by
OpenSSF