Software Supply Chain Security, with Priya Wadhwa
The idea of software supply chain security rocketed into the public consciousness in the last year, with the news that US government agencies had been breached. Priya Wadhwa is a software engineer at Google working on open source security, including projects to secure and verify container deployments. She outlines what is being done to make sure this doesn’t happen to you.
Do you have something cool to share? Some questions? Let us know:
- web: kubernetespodcast.com
- mail: kubernetespodcast@google.com
- twitter: @kubernetespod
Chatter of the week
News of the week
- Google Cloud Container Security webinar
- Register for Google Cloud Next 2021
- Google Cloud IDS
- Windows Server support for Anthos on-prem
- Multi-Cluster Ingress for GKE
- CVE-2021-22555: Kernel code execution through Netfilter bug
- CVE-2021-25740: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding
- CVE-2021-32690: Helm repository credentials passed to alternate domain
- Attacks on Argo Workflows discovered by Intezer
- Sysdig acquires Apolicy; Apolicy acquired by Sysdig
- CockroachDB Operator for Kubernetes
- Automatic remediation of Kubernetes nodes at Cloudflare
- CNCF App Delivery TAG publishes operator whitepaper
Links from the interview
- Software supply chain
- Reproducible builds
- SolarWinds hack
- US Executive Order on Improving the Nation’s Cybersecurity
- Binary Authorization
- Provenance, in art and software
- in-toto
- sigstore
- Tekton
-
Tekton Chains
- Announcement blog, by Priya & Dan
- SBOM (Software Bill of Materials)
- Open Source Insights
- SLSA
- SupplyChainSecurityCon
- sigstore Slack channel
- Priya Wadhwa on Twitter