Software Supply Chain Security with Chainguard

DevOps and Docker Talk

Episode | Podcast

Date: Fri, 06 Jan 2023 09:30:00 -0500

<p>Bret is joined by two Chainguard co-founders, CEO Dan Lorenc and Head of Product, Kim Lewandowski, to break down the ins and outs of supply chain security and talk about Chainguard's approach to securing it. We dive into tools, including their new Wolfi Linux distro.</p><p>We first talk about what that even is, because it's a buzzword right now, and not everyone's on the same page on what securing your supply chain even means in the world of software. Then we jump into base images for containers, and their project Wolfi. We talk a lot about Wolfi in this episode, because it has the potential to change how we build our containers.</p><p>Streamed live on YouTube on October 13, 2022.</p><p><br /><strong>Unedited </strong><a href="https://youtu.be/6lrHA6NeXF0"><strong>live recording</strong></a><strong> of this show on YouTube (Ep #188)</strong></p><p>★<strong>Topics★</strong><br /><a href="https://www.chainguard.dev/">Chainguard Website</a><br /><a href="https://twitter.com/chainguard_dev">Chainguard Twitter</a><br /><a href="https://edu.chainguard.dev">Chainguard Academy</a><br /><a href="https://github.com/wolfi-dev">Wolfi</a><br /><a href="https://github.com/chainguard-images">Wolfi-based images</a><br /><a href="https://www.sigstore.dev">Sigstore</a></p><p><strong>★Dan Lorenc★</strong><br /><a href="https://twitter.com/lorenc_dan">Dan Lorenc on Twitter</a><br /><a href="https://www.linkedin.com/in/danlorenc">Dan Lorenc on Linkedin</a></p><p><strong>★Kim Lewandowski★</strong><br /><a href="https://twitter.com/kimsterv">Kim Lewandowski on Twitter</a><br /><a href="https://www.linkedin.com/in/kimsterv/">Kim Lewandowski on Linkedin</a></p><p>★<strong>Join my Community</strong>★<br />New live <a href="http://bret.courses/autodeploy"><strong>course on CI automation and gitops deployments</strong></a><br />Best coupons for my <a href="https://www.bretfisher.com/courses"><strong>Docker and Kubernetes courses</strong></a><br />Chat with us and fellow students on our Discord Server <a href="https://devops.fan/"><strong>DevOps Fans</strong></a></p><p>Homepage <a href="https://bretfisher.com/"><strong>bretfisher.com</strong></a></p> <ul> <li>(00:00) - DDT MAIN</li> <li>(00:04) - Intro</li> <li>(00:54) - Custom intro</li> <li>(02:51) - Main show</li> <li>(03:04) - Introductions</li> <li>(03:24) - How did Chainguard get started?</li> <li>(04:23) - What is a supply chain?</li> <li>(06:30) - First Security Things</li> <li>(08:55) - The article and the base image</li> <li>(12:02) - Wolfi elevator pitch</li> <li>(14:49) - How do packages get into Wolfi?</li> <li>(18:49) - How do Wolfi packages work</li> <li>(21:57) - Chainguard Enforce</li> <li>(26:43) - Question about in-toto</li> <li>(29:08) - Preventing unsigned images in production</li> <li>(30:44) - Blocking vulnerable dependencies with policies</li> <li>(31:39) - Scanning on servers</li> <li>(34:02) - Question</li> <li>(35:53) - Question</li> <li>(37:50) - Getting started with Wolfi</li> <li>(39:57) - Where are they on Github (demo?)</li> <li>(40:50) - Question about vex</li> <li>(43:13) - What else?</li> <li>(43:40) - Chainguard Academy</li> <li>(45:24) - Professional services</li> <li>(49:32) - Wrapping up</li> <li>(49:56) - Outro</li> </ul> <br /><p><strong>Support this show and get exclusive benefits on </strong><a href="https://patreon.com/BretFisher"><strong>Patreon</strong></a><strong>, </strong><a href="https://www.youtube.com/@BretFisher"><strong>YouTube</strong></a><strong>, or </strong><a href="https://www.bretfisher.com/"><strong>bretfisher.com</strong></a><strong>!</strong></p>