CNCF [Cloud Native Computing Foundation] Courses

Security as Code - A DevSecOps Approach

Explore DevSecOps and Security as Code with CodeQL. Learn to implement security checks, detect vulnerabilities, and foster collaboration between development and security teams for a robust security culture.

• YouTube
• 37 minutes
• On-Demand
• Free Video

Software Supply Chain Security with TAG Security

Explore software supply chain security with insights on guidance, resources, and recent developments. Learn about the whitepaper, compromise catalog, and reference architecture for secure supply chains.

• YouTube
• 25 minutes
• On-Demand
• Free Video

Zero Trust Workload Identity in Kubernetes

Explore Zero Trust principles in Kubernetes using SIFFE and Spire for workload identity-based authorization, eliminating the need for secrets and enhancing security across service meshes.

• YouTube
• 37 minutes
• On-Demand
• Free Video

Improving Secure Pod-to-Pod Communication Within Kubernetes Using Trust Bundles

Explore advanced techniques for enhancing secure pod-to-pod communication in Kubernetes using trust bundles, leveraging cert-manager, SPIFFE, and KEP-3257 for automated TLS certificate creation and mTLS patterns.

• YouTube
• 38 minutes
• On-Demand
• Free Video

From Illuminating to Eliminating Crypto Jacking Techniques in Cloud Native

Explore cryptojacking evolution in cloud environments, from basic attacks to sophisticated techniques targeting containers and Kubernetes. Learn proactive protection strategies using open-source tools for enhanced security.

• YouTube
• 29 minutes
• On-Demand
• Free Video

Cloud Native Security 101 - Building Blocks, Patterns and Best Practices

Explore cloud native security fundamentals, attack vectors, and best practices for implementing continuous security in cloud applications without compromising innovation.

• YouTube
• 34 minutes
• On-Demand
• Free Video

Security Does Not Need to Be Fun - Ignoring OWASP to Have a Terrible Time

Explore OWASP's free tools for web application security testing and implementation. Learn to identify issues early and integrate security best practices throughout the software development lifecycle.

• YouTube
• 27 minutes
• On-Demand
• Free Video

Verifiable GitHub Actions with eBPF

Explore eBPF-based solution for securing GitHub Actions pipelines against supply chain attacks. Learn about runtime security, build profiling, and verification techniques to protect your software development process.

• YouTube
• 40 minutes
• On-Demand
• Free Video

The Magic Behind OIDC - Understanding Open ID Connect for Workload Identity

Explore OIDC's role in cloud-native identity authentication, workload identity federation, and securing CI pipelines. Learn its spec, machine identities, and applications in Kubernetes, SPIFFE/SPIRE, and Sigstore.

• YouTube
• 34 minutes
• On-Demand
• Free Video

Finding the Needles in a Haystack - Identifying Suspicious Behaviors with eBPF

Explore how AWS uses eBPF to identify security risks in Kubernetes, including malicious activities and communication with known threats. Learn advantages, challenges, and practical applications.

• YouTube
• 39 minutes
• On-Demand
• Free Video

Securing User to Service Access in Kubernetes

Explore networking and security considerations for exposing Kubernetes services to users, covering authentication, load balancing, traffic filtering, and encryption. Learn about various access management options.

• YouTube
• 40 minutes
• On-Demand
• Free Video

Securing Diverse Supply Chains Across Interconnected Systems

Explore how SpaceX integrates SBOM and vulnerability discovery tools to enhance security across diverse software systems, reducing response time and improving prioritization for developers.

• YouTube
• 21 minutes
• On-Demand
• Free Video

Real-World Trust Management with Linkerd and Cert-Manager

Explore real-world trust management using Linkerd and cert-manager, enhancing security and reliability in cloud-native environments.

• YouTube
• 1 hour 1 minute
• On-Demand
• Free Video

Kubernetes v1.26 Release Overview

Explore the latest features and improvements in Kubernetes v1.26, enhancing container orchestration capabilities for cloud-native applications.

• YouTube
• 55 minutes
• On-Demand
• Free Video

How to Build Serverless Event-Driven Microservice Systems with Kalix

Learn to build serverless event-driven microservice systems using Kalix, exploring its features and benefits for developing scalable and efficient cloud-native applications.

• YouTube
• 42 minutes
• On-Demand
• Free Video