Managing Private and Public Registries in Software Supply Chain Attacks

#111: Ever since Alex Birsan published his Dependency Confusion article in February 2021, the concept of the software supply chain has come to the forefront. The supply chain should not be a new concept to people, but many seemed to have been caught off guard. Today we talk about Alex's article along with a new project that allows you to manage your supply chain security in Tekton.

https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610

https://security.googleblog.com/2021/06/verifiable-supply-chain-metadata-for.html

https://cloud.google.com/blog/products/identity-security/how-were-helping-reshape-software-supply-chain-ecosystem-securely

https://portswigger.net/daily-swig/software-supply-chain-attacks-everything-you-need-to-know

https://www.cisa.gov/publication/software-supply-chain-attacks

https://www.whitesourcesoftware.com/resources/blog/software-supply-chain-attacks/

https://deps.dev/

YouTube channel:

https://youtube.com/devopsparadox/

Books and Courses:

Catalog, Patterns, And Blueprints

https://www.devopstoolkitseries.com/posts/catalog/

Kubernetes Chaos Engineering With Chaos Toolkit And Istio

https://www.devopstoolkitseries.com/posts/chaos/

Canary Deployments To Kubernetes Using Istio and Friends

https://www.devopstoolkitseries.com/posts/canary/

Review the podcast on Apple Podcasts:

https://www.devopsparadox.com/review-podcast/

Slack:

https://www.devopsparadox.com/slack/

Connect with us at:

https://www.devopsparadox.com/contact/