Loading…
In-person + Virtual
18-21 April
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Summer Time (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
Back To Schedule
Wednesday, April 19 • 14:30 - 15:05
Filling the Gaps in Kubernetes Flavored SLSA with Threat Modeling - Christie Wilson, Google & Priya Wadhwa, Chainguard

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.
Video Stream


SLSA is an emerging standard for supply chain security that makes it easier to reason about threats and mitigations, but how do we make it work for Kubernetes? It can be difficult to analyze the security posture of a Kubernetes based CI/CD platform, let alone mitigate the threats. Threat modeling to the rescue! Using Tekton as a case study, Priya and Christie will walk you through a threat model analysis of CI/CD execution on Kubernetes, identifying trust boundaries that can be exploited by malicious external actors, internal actors and even privileged admins, and mapping these trust boundaries to SLSA standards. They will demo how Tekton has complied with this standard by utilizing open source projects like Sigstore and SPIRE. You'll leave this talk with a deeper understanding of supply chain security and of how to mitigate potential threats to building artifacts on Kubernetes.
Speakers
avatar for Christie Warwick

Christie Warwick

Software Engineer, Google
Christie Wilson (Warwick) (she/her) is a software engineer with a passion for building quality software and having fun doing it. During her career she has worked in a wide range of domains from currency exchange to AAA games and is currently working on continuous delivery tools at... Read More →
avatar for Priya Wadhwa

Priya Wadhwa

Software Engineer, Chainguard
Priya Wadhwa is a software engineer at Chainguard, where she works on a variety of open source projects with the goal of improving software supply chain security. She is a member of the Sigstore TSC and a maintainer of the Tekton Chains project. She's passionate about making security... Read More →

Filling the Gaps in Kubernetes Flavored SLSA with Threat Modeling pdf
Wednesday April 19, 2023 14:30 - 15:05 CEST
In Virtual Platform
  CI/CD