Software Supply Chain Security with Chainguard
Publisher: Bret Fisher
Media Type: audio
Categories Via RSS: Education, How To, News, Tech News
Publication Date: Jan 06, 2023
Episode Duration: 00:50:05

Bret is joined by two Chainguard co-founders, CEO Dan Lorenc and Head of Product, Kim Lewandowski, to break down the ins and outs of supply chain security and talk about Chainguard's approach to securing it. We dive into tools, including their new Wolfi Linux distro.

We first talk about what supply chain security even is, because it's a buzzword right now, and not everyone's on the same page about what securing your supply chain means in the world of software. Then we jump into base images for containers and Chainguard's project Wolfi. We talk a lot about Wolfi in this episode, because it has the potential to change how we build our containers.

Streamed live on YouTube on October 13, 2022.

Unedited live recording of this show on YouTube (Ep #188)

Topics
  • Chainguard Website
  • Chainguard Twitter
  • Chainguard Academy
  • Wolfi
  • Wolfi-based images
  • Sigstore

Dan Lorenc
  • Dan Lorenc on Twitter
  • Dan Lorenc on LinkedIn

Kim Lewandowski
  • Kim Lewandowski on Twitter
  • Kim Lewandowski on LinkedIn

Join my Community
  • New live course on CI automation and gitops deployments
  • Best coupons for my Docker and Kubernetes courses
  • Chat with us and fellow students on our Discord Server DevOps Fans

Homepage bretfisher.com

  • (00:00) - DDT MAIN
  • (00:04) - Intro
  • (00:54) - Custom intro
  • (02:51) - Main show
  • (03:04) - Introductions
  • (03:24) - How did Chainguard get started?
  • (04:23) - What is a supply chain?
  • (06:30) - First Security Things
  • (08:55) - The article and the base image
  • (12:02) - Wolfi elevator pitch
  • (14:49) - How do packages get into Wolfi?
  • (18:49) - How do Wolfi packages work
  • (21:57) - Chainguard Enforce
  • (26:43) - Question about in-toto
  • (29:08) - Preventing unsigned images in production
  • (30:44) - Blocking vulnerable dependencies with policies
  • (31:39) - Scanning on servers
  • (34:02) - Question
  • (35:53) - Question
  • (37:50) - Getting started with Wolfi
  • (39:57) - Where are they on GitHub (demo?)
  • (40:50) - Question about VEX
  • (43:13) - What else?
  • (43:40) - Chainguard Academy
  • (45:24) - Professional services
  • (49:32) - Wrapping up
  • (49:56) - Outro

You can also support my free material by subscribing to my YouTube channel and my weekly newsletter at bret.news!

Grab the best coupons for my Docker and Kubernetes courses. Join my cloud native DevOps community on Discord. Grab some merch at Bret's Loot Box. Homepage: bretfisher.com
