enforceable-supply-chain-security-policy-with-opa-gatekeeper-and-ratify-chuan-hui-opa-gatekeeperreratifychan-chan-zha-chi-ji-ru-feynman-zhou-microsoft-dahu-kuang-alibaba-cloud.pdf

《enforceable-supply-chain-security-policy-with-opa-gatekeeper-and-ratify-chuan-hui-opa-gatekeeperreratifychan-chan-zha-chi-ji-ru-feynman-zhou-microsoft-dahu-kuang-alibaba-cloud.pdf》由会员分享，可在线阅读，更多相关《enforceable-supply-chain-security-policy-with-opa-gatekeeper-and-ratify-chuan-hui-opa-gatekeeperreratifychan-chan-zha-chi-ji-ru-feynman-zhou-microsoft-dahu-kuang-alibaba-cloud.pdf（28页珍藏版）》请在三个皮匠报告上搜索。

1、Enforceable Supply Chain Security Policy with OPA Gatekeeper and RatifyFaynman Zhou,Microsoft&Dahu Kuang,Alibaba CloudWho we areKuang DahuAlibaba CloudACK Team,Senior E ZhouProduct Manager for Microsoft AzureRatify Maintainer,CNCF AmbassadorDahuKAgenda Why Software Supply Chain Security matters?Popu

2、lar Open-Source Projects&Framework in the industry and CNCF How Ratify and OPA Gatekeeper help secure your supply chain End-to-end demo:Signing and verify images on KubernetesConcepts and Challenges of Software Supply Chain Security Traditional supply chain v.s.Software supply chainImage source:CNCF

3、 Software Supply Chain Security Paper Potential security attacks and incidents2024 XZ Utils(CVE-2024-3094)2023 OpenAI 2021 CodeCov2021 Log4j2020 SolarWinds2021 hypocrite commits2024 HashiCorp changed its OSS licenseCode compromisedNon-compliant licenseNetwork transformation attackDeploy non-complian

4、t codeSystem credential leakRepository comprisedVulnerabilities in components or dependencies From Synosys Open Source Security and Risk Analysis report-2024:Security attack and risk assessments Security attack and risk assessmentsDo not use non-compliant open-source projectDo not use any vulnerable

5、 dependencies!Do not use any outdated images from external registry!Compliance teamSecurity managerPolicy teamPopular OSS solutions and frameworkin the industry and CNCF Popular Supply Chain Security frameworksSLSA FrameworkContainers Secure Supply Chain(CSSC)Framework Popular OSS projects for secur

6、ing supply chain How SSL Certificate secures the website?Compare it with todays cloud-native applicationImprove security posture in the digital worldHow Ratify and Gatekeeper help secure software supply chain What is Notary Project Ensure software authenticity and integritySign software artifacts,ve