How often do we question the wisdom of releasing to production on a Friday afternoon? Has the production software been tested thoroughly enough to identify vulnerabilities? If we do find security problems in production, what steps can we take to fix them? And how can we take preventative measures against potential problems or attacks? Recently, software supply chain security has become an increasingly important topic. Concepts such as SBOMs, SLSA, Reproducible Builds and CI/CD Security are often discussed to address previous concerns. This session will explore these concepts and provide guidance on how to apply them to your individual projects. We will focus on tools, guides, proposals from the OSSF Foundation, CNCF, OWASP and CDF

Main focus on Tools, Guides, Suggestions from the OSSF Foundation, CNCF, OWASP and CDF