suppychain

Supply chain attacks have become predominant in the past few years and companies are scrambling to secure their software supply chain. Trying to understand and overcome this problem is no easy feat.

Various tools and cloud native solutions have stepped up to help ease the integration of security practices based on SLSA (Supply-chain Levels for Software Artifacts) security levels. Tekton, a cloud native solution for building CI/CD systems, is one of these tools that has a lot to offer. With the addition of Tekton Chains, companies are empowered to shift security left and create DevSecOps pipelines to improve the security of their build and release process.

Learn more about Tekton Chains and how it can be used with Tekton Pipelines (CI/CD) to create signed provenance! In this presentation we will walk through initial setup, configuration and how to verify the final provenance.

Tekton Chains