Software Supply Chain Security: Provenance, Transparency, and Context

Jul 26, 2023, 4:00 – 5:00 PM

Key Themes

Community Building

About this event

This session will outline the practical, effective measures you can use to enhance your software supply chain security. Google Cloud product manager, Mark Chmarny, will illustrate how to implement artifact provenance attestation in your release pipelines and increase the traceability of the components and dependencies used in your software. Using these measures, you will be able to more easily identify any outdated or insecure packages that could be exploited by attackers.

At Provenance, Transparency, and Context: Key Aspects of Software Supply Chain Security, our speaker will discuss how to:

  • Implement artifact provenance attestation in your release pipelines using Supply-chain Levels for Software Artifacts (SLSA)
  • Use a Software Bill of Materials (SBOM) to increase the traceability of the components and dependencies used in your software, so you can more easily identify any outdated or insecure packages that could be exploited by attackers
  • Provide up-to-date vulnerability context for your artifacts using Vulnerability Exploitability eXchange (VEX)

This event is co-hosted with C2C, the Google Cloud Customer Community.

Speaker

  • Mark Chmarny

    Google

    Product Manager

Organizers

  • Ilias Papachristos

    Ahead of Tech

    GDG Organizer

  • Efstathios Iosifidis

    Open Source Advocate | Community Engineer