Supply Chain Security KubeDay Singapore
SBOMs
In the wild!
Experiment #2
SLSA
For real!
Experiment #3
cosign
Where is it being built?
What’s being built?
cosign
SLSA SBOMs
app
Node js lang
</>
Node libs
...
Node JS
OS
app
0 ❌
1 ✅
2 ✅ ✅
3 ✅ ✅ ✅
4 ✅ ✅ ✅ ✅
OIDC Connect
Certificate Signing Request
x.509
Rekor Entry
Data, signature, certificate, timestamp