Have you ever checked the ingredients on a food label? Most of us do, as we care about what we consume.
But what about software? Do you get to know every component that was used in building a piece of software? Even if you do, how can you be sure that the list of components, packages, or binaries you see is accurate and has not been tampered with?
This talk guides you on how you can ensure supply chain security throughout the software development life cycle.
We will see how konflux-ci produces accurate and tamper-proof SBOMs (software bills of materials). We will dive deeper into how to catch critical vulnerabilities early, during the CI phase itself. We will also see how you can verify container images against major secure software frameworks or your own custom rules.
The best part? All of these security checks can be triggered with just a pull request (PR), making integration into your existing CI pipeline both seamless and effective.
If you are looking at integrating security in your CI process with ease, this talk is for you.