In-person + Virtual
18-21 April
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Summer Time (UTC +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
Back To Schedule
Thursday, April 20 • 16:30 - 17:05
Secure Your Project with the SIG Release Supply Chain Kit - Adolfo García Veytia & Carlos Panato, Chainguard

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

Over the past two years, Kubernetes SIG Release shifted focus from automating the k8s release process to building stronger security features. And now, all the work done by the Release Engineering team has been packaged into really cool tools that anybody can use to harden their project's supply chain security stance. Our toolkit lets users pick and choose from the same components that our Release Managers use to secure the Kubernetes releases with features like: * Software Bill of Materials * Signed SLSA provenance attestations * Signed container images and artifacts * Secure GitHub release pages The tools can work with any project, no need to be part of the Kubernetes family! In this talk, puerco will showcase how these tools are in use today, helping secure the releases of other projects across the Cloud Native landscape, including Knative, Istio, Cilium, CRI-O, Vitess, and others. He will show simple examples to achieve better supply chain security in your project by signing artifacts, creating SBOMs, and provenance data just as big OSS projects do it. All using helpful reusable GitHub actions. The talk will close with a shameless call for contributors passionate about CI/CD and software supply chain security to come and join the Kubernetes Release Engineering team!

avatar for Carlos Panato

Carlos Panato

Staff Engineer, Chainguard
Carlos Panato is a Staff Software Engineer at Chainguard, Inc., who’s working on development and infrastructure using Kubernetes and containers. Previously, he’s worked on development, testing, processes, and management. He contributes to several CNCF/LF projects and it is an... Read More →
avatar for Adolfo García Veytia

Adolfo García Veytia

Staff Software Engineer, Chainguard
Adolfo García Veytia (@puerco) is a software engineer with Chainguard based out of Mexico City. He is a Technical Lead with Kubernetes SIG Release. He co-leads the Release Engineering subproject where he works to improve the automation and security of the Kubernetes release process... Read More →

Thursday April 20, 2023 16:30 - 17:05 CEST
D201-202 | Second Floor | Congress Centre (Elicium Building)