A talk about creating automation, shifting left, attack vectors, attestations, verification, zero-trust, and SLSA.

In the talk I cover creating automation, shifting left, attack vectors, attestations, verification, zero-trust, and how the SLSA spec helps implement solutions for each. The main take away is that security needs to be applied everywhere in the pipeline. The talk should lead to a greater discussion around the challenges of securing the supply chain, supporting EO 14028 and ISO27001, and improving the security posture of your pipelines.

Attendee Takeaways

Answers for the following questions:

- Why do we need supply chain automation?
- What are common attack vectors in a supply chain?
- What techniques can we use to help secure the supply chain?
- What are the security benefits of supply chain automation and shift left?
- What specifications and tools can we use to help secure the supply chain?

https://jfrog.com/blog/swampup-session-highlights/#brett-smith