Building Trust in Open Source: A Practical Guide to Securing Your Software Supply Chain

Room 6, 15:00 - 16:00 (UTC+02), Wednesday
Talk (60 min)
Tags: Continuous Delivery, People, Security

As open-source software adoption accelerates, so do the threats targeting its supply chain. But what does it really mean to secure your software supply chain? And how do concepts like SLSA (Supply Chain Levels for Software Artifacts), SBOM (Software Bill of Materials), and tools like Sigstore fit into the picture?

In this session, I’ll cut through the noise to demystify the fundamentals of software supply chain security. We’ll explore these frameworks and tools in depth, understand how they work together, and provide a clear, practical guide to building stronger, more resilient pipelines. I’ll also highlight real-world supply chain threats, from dependency confusion to insecure deployments, and show how open-source tools can help you detect, prevent, and respond to these risks effectively.

By the end of this session, attendees will have:
- A clear understanding of key security frameworks like SLSA, SBOM, and Sigstore
- Awareness of emerging threats in cloud-native software delivery
- Hands-on knowledge of tools and strategies to enhance trust in their development workflows
- Confidence to implement defense-in-depth strategies to secure their supply chain and deliver trusted, verified software

Yash Pimple

Yash is currently working as a Software Engineer Intern at Chainguard, specializing in securing software supply chains. He is an AWS Community Builder and CNCF Ambassador, and has delivered talks at KubeCon + CloudNativeCon North America 2023 and KubeCon India 2024. Yash is an active contributor to CNCF projects and open-source initiatives. His expertise includes Kubernetes, cloud-native security, and DevOps automation, with a strong focus on advancing secure, scalable systems.