C2C 2Learn event tomorrow: Software Supply Chain Security: Provenance, Transparency, and Context | C2C Community

C2C 2Learn event tomorrow: Software Supply Chain Security: Provenance, Transparency, and Context

  • 25 July 2023
  • 0 replies
  • 17 views
C2C 2Learn event tomorrow: Software Supply Chain Security: Provenance, Transparency, and Context
Userlevel 7
Badge +29

Let's talk abut the practical, effective measures you can use to enhance your software supply chain security at tomorrow's event here at C2C - The Google Cloud Customer Community, entitled "Software Supply Chain Security: Provenance, Transparency, and Context" with Mark Chmarny, Product Manager at Google. Mark will illustrate how to implement artifact provenance attestation in your release pipelines and increase the traceability of the components and dependencies used in your software. Using these measures, you will be able to more easily identify any outdated or insecure packages that could be exploited by attackers.

We will discuss how to: 
👉 Implement artifact provenance attestation in your release pipelines using Supply-chain Levels for Software Artifacts (SLSA)
👉 Increase the traceability of the components and dependencies used in your software to enable you to more easily identify any outdated or insecure packages that could be exploited by attackers using a Software Bill of Materials (SBOM)
👉 Provide up-to-date vulnerability context for your artifacts using Vulnerability Exploitability eXchange (VEX)
 

 

Want to join us?

Register and press the RSVP button here


0 replies

Be the first to reply!

Reply