One minute
Integrating SPIRE with Tekton and Sigstore
Road to SLSA Level 3!
As I spoke about in a previous video, Tekton Chains helps us obtain SLSA (Supply-chain Levels for Software Artifacts) Level 2. This only gets us half way through the SLSA levels. What if we wanted to go further?
To reach the next level, we need to integrate SPIFFE/SPIRE into Tekton Pipeline and Tekton Chains. SPIFFE/SPIRE will grant us short-lived workload attested certificates that we can use for signing and verifying.
In this presentation at the SPIFFE/SPIRE monthly meetup, I discuss some of the work we have done to integration SPIFFE/SPIRE with Tekton. This is still a work in progress at the time of this recording but stay tuned for a blog post detailing this integration.