Securing the software supply chain with Tekton and Sigstore
Many companies are increasingly focusing on securing their software supply chain, particularly after the Biden Administration’s Executive Order on cybersecurity and a series of high-profile vulnerabilities that made the headlines. Chainguard is a software supply chain security startup focused on providing a trusted supply chain of open-source components that enterprises can pull, build and use across all of their infrastructure. Billy Lynch, software engineer at Chainguard, says, “Our goal is to make software supply chain secure by default.” Chainguard is also involved in several Continuous Delivery (CD) Foundation projects: it sits on the governing board for Tekton and maintains Tekton Chains and Sigstore. Lynch sees a natural fit between Tekton and Sigstore. For instance, Sigstore’s Cosign tool can be brought into Tekton as part of the software supply chain story, so that every build signs its artifacts and emits provenance that a consumer can verify.
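As an added illustration of what "bringing Cosign into Tekton" looks like in practice (this is example configuration written for this page, not code from Chainguard or the interview), the following is a Tekton Chains configuration that turns on in-toto provenance attestations and Cosign-style image signatures for every TaskRun, stores them alongside the image in the OCI registry, and records each signature in the public Rekor transparency log. It assumes Tekton Chains is installed in its default `tekton-chains` namespace and that a Cosign key pair has been loaded into the `signing-secrets` secret (for example with `cosign generate-key-pair k8s://tekton-chains/signing-secrets`); both of those names are the project's defaults, but the surrounding cluster setup is assumed here.

```yaml
# Example Tekton Chains configuration (added example, not from the original page).
# Assumes Tekton Chains is installed in the default "tekton-chains" namespace
# and that a Cosign key pair lives in the "signing-secrets" secret there.
apiVersion: v1
kind: ConfigMap
metadata:
  name: chains-config
  namespace: tekton-chains
data:
  # Provenance for each TaskRun: emit an in-toto attestation, sign it with the
  # x509/Cosign key, and push it to the OCI registry next to the built image.
  artifacts.taskrun.format: in-toto
  artifacts.taskrun.storage: oci
  artifacts.taskrun.signer: x509

  # Image signatures: Cosign "simple signing" payloads, also stored in the registry.
  # Chains finds the image through TaskRun results named IMAGE_URL and IMAGE_DIGEST.
  artifacts.oci.format: simplesigning
  artifacts.oci.storage: oci
  artifacts.oci.signer: x509

  # Publish every signature to the public Rekor log so tampering with the
  # registry alone cannot hide a forged or missing signature.
  transparency.enabled: "true"
  transparency.url: https://rekor.sigstore.dev
```

With this applied, a downstream consumer who holds the matching public key can check both artifacts offline from the registry alone: `cosign verify --key cosign.pub IMAGE` for the signature and `cosign verify-attestation --key cosign.pub --type slsaprovenance IMAGE` for the provenance. The check that matters in practice is that the provenance's subject digest equals the digest actually being deployed; verifying the signature on a tag rather than a digest leaves the door open to the tag being moved after signing.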
What challenges are we facing today in software supply chain security? What does open source mean for security? Which open source projects is Chainguard involved with to help companies improve their security posture? This interview answers all of these questions; check it out.
by The Linux Foundation