In this talk I'll present the current state of the software supply chain, the big recent global events (SolarWinds, Log4Shell, Codecov, Packagist), and the state of the PHP and Drupal ecosystem: the threats, and the mitigations that can be applied using tools like Sigstore, Syft, and Grype for digital signatures, SBOM generation, and automatic vulnerability scanning, and how to use them in real-world projects to gain unprecedented knowledge of your digital artifacts.
There will also be a demo of the mentioned tools in action, implementing a secure supply chain pipeline for your Drupal projects.
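As an added example of the scan step in such a pipeline (this is not the speaker's demo code, nor part of Syft or Grype): a CI gate that takes the SBOM Syft produced for a Composer-based project and the report Grype wrote from it, and decides whether the build may proceed. The two JSON documents embedded below are constructed, simplified samples that only assume the general shape of CycloneDX and of Grype's JSON output; the package names and the EXAMPLE-000x identifiers are placeholders, not real packages or CVEs. In a real pipeline they would be replaced by the files from `syft ... -o cyclonedx-json` and `grype ... -o json`.

```python
"""Severity gate over a Grype report, cross-checked against the SBOM it scanned."""
import json
from dataclasses import dataclass

# Rank severities so a threshold such as "high" can be compared numerically.
# An unrated ("unknown") finding is treated as medium so it cannot silently pass.
SEVERITY_RANK = {"negligible": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
UNKNOWN_RANK = SEVERITY_RANK["medium"]

# Constructed CycloneDX fragment (assumed shape) as Syft would emit for a Composer project.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "example/lib-a", "version": "1.4.0",
         "purl": "pkg:composer/example/lib-a@1.4.0"},
        {"type": "library", "name": "example/lib-b", "version": "3.2.1",
         "purl": "pkg:composer/example/lib-b@3.2.1"},
        {"type": "library", "name": "example/lib-c", "version": "0.9.0",
         "purl": "pkg:composer/example/lib-c@0.9.0"},
    ],
})

# Constructed Grype report (assumed shape); the IDs are placeholders, not real CVEs.
SAMPLE_GRYPE_REPORT = json.dumps({
    "matches": [
        {"vulnerability": {"id": "EXAMPLE-0001", "severity": "Critical",
                           "fix": {"versions": ["1.4.2"], "state": "fixed"}},
         "artifact": {"name": "example/lib-a", "version": "1.4.0",
                      "purl": "pkg:composer/example/lib-a@1.4.0"}},
        {"vulnerability": {"id": "EXAMPLE-0002", "severity": "Medium",
                           "fix": {"versions": [], "state": "not-fixed"}},
         "artifact": {"name": "example/lib-b", "version": "3.2.1",
                      "purl": "pkg:composer/example/lib-b@3.2.1"}},
        {"vulnerability": {"id": "EXAMPLE-0003", "severity": "High",
                           "fix": {"versions": [], "state": "not-fixed"}},
         "artifact": {"name": "example/lib-c", "version": "0.9.0",
                      "purl": "pkg:composer/example/lib-c@0.9.0"}},
    ],
})


@dataclass(frozen=True)
class Finding:
    vuln_id: str
    severity: str      # normalised to lower case
    package: str
    version: str
    purl: str
    fixed_in: tuple    # versions that resolve the finding; empty when none is known

    @property
    def rank(self) -> int:
        return SEVERITY_RANK.get(self.severity, UNKNOWN_RANK)


def sbom_components(sbom_json: str) -> dict:
    """Map each component purl to its version: the inventory the scan ran against."""
    sbom = json.loads(sbom_json)
    return {c["purl"]: c["version"] for c in sbom.get("components", []) if "purl" in c}


def parse_findings(report_json: str) -> list:
    """Flatten Grype's matches into Finding records."""
    findings = []
    for m in json.loads(report_json).get("matches", []):
        vuln, art = m["vulnerability"], m["artifact"]
        findings.append(Finding(
            vuln_id=vuln["id"],
            severity=str(vuln.get("severity", "unknown")).lower(),
            package=art["name"], version=art["version"], purl=art["purl"],
            fixed_in=tuple(vuln.get("fix", {}).get("versions", [])),
        ))
    return findings


def blocking_findings(findings: list, threshold: str = "high", only_fixable: bool = True) -> list:
    """Findings that fail the build: severity at or above `threshold`.

    With only_fixable=True a finding that has no known fixed version is still
    reported but does not block, since an upgrade cannot resolve it yet; pass
    False to block on every finding above the threshold regardless."""
    if threshold not in SEVERITY_RANK:
        raise ValueError(f"unknown severity threshold: {threshold}")
    limit = SEVERITY_RANK[threshold]
    return [f for f in findings if f.rank >= limit and (f.fixed_in or not only_fixable)]


def scan_gate(sbom_json: str, report_json: str, threshold: str = "high",
              only_fixable: bool = True) -> dict:
    """Combine the SBOM inventory and the scan report into a pass/fail decision."""
    inventory = sbom_components(sbom_json)
    findings = parse_findings(report_json)
    # Every flagged artifact must be in the SBOM being attested; if not, the scan was
    # run against something other than the artifact about to be released.
    not_in_sbom = [f.vuln_id for f in findings if f.purl not in inventory]
    blocking = blocking_findings(findings, threshold, only_fixable)
    return {
        "components": len(inventory),
        "findings": len(findings),
        "blocking": [(f.vuln_id, f.package, f.version, f.fixed_in) for f in blocking],
        "not_in_sbom": not_in_sbom,
        "passed": not blocking and not not_in_sbom,
    }


if __name__ == "__main__":
    result = scan_gate(SAMPLE_SBOM, SAMPLE_GRYPE_REPORT, threshold="high")
    print(json.dumps(result, indent=2))
    raise SystemExit(0 if result["passed"] else 1)
```

On the constructed sample the gate fails on EXAMPLE-0001 (critical, fix available) while the unfixed high finding is reported but not blocking; the same gate with `only_fixable=False` blocks on both. Treating unrated findings as medium rather than ignoring them is a deliberate choice: a scanner that cannot rate a match is not evidence that the match is harmless.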
Room
Time Slot
Session length
Long session - 45min, including Q&A
Audience
All Attendees
Session Category
DevOps & Quality Assurance
Speaker biography
Hello, I am Paolo Mainardi, proud founder and CTO of Sparkfabrik.
My role is to drive the company toward innovation by building cutting-edge, cloud-native web applications and doing Kubernetes consultancy at different levels, from cluster management to custom implementations. We are also a CNCF Silver Member and a Kubernetes Certified Service Provider (KCSP).
When I am not too busy with company matters, I like to contribute to open source projects, speak at and organize conferences, and actively participate in the community.
You can get in touch with me on Mastodon: https://continuousdelivery.social/@paolomainardi
Session Keywords