Meetup #89 - Software Supply Chain Security

2026-06-18

Agenda:

  • Session intro
  • Talk: Securing the Software Supply Chain in a Cloud Native World: From CI/CD Pipelines to SLSA
  • Networking
  • Session wrap up

Host

Securing the Software Supply Chain in a Cloud Native World: From CI/CD Pipelines to SLSA

This talk provides a focused overview of modern software supply chain security through three interconnected lenses: CI/CD pipeline hardening, cloud native-specific risks, and the SLSA framework. It examines how attackers target build systems and dependencies, and walks through practical defenses including artifact signing with Sigstore and Cosign, least-privilege access in GitHub Actions and Tekton, and securing containerized workloads. SLSA is introduced as an incremental, adoptable blueprint for achieving tamper-proof provenance and verifiable build integrity.

Carlos Nogueira

DevOps specialist with more than 20 years of professional experience. Carlos is co-organizer of the DevOps na Praia meetup and host of the #engineeringsessions YouTube channel, where he publishes tutorials and reviews on DevOps, FLOSS and Cloud Native topics.

How to get there:


Join the discussion

The community is regularly present in Slack, so get on there ASAP and join in on the conversation. Get your invite here

Want to present at the meetup?

Interested in presenting at a Meetup? We're interested in having you there. Check out how the talk submission process works. Afterwards, please fill out our Call for speakers form with your talk idea.

Code of Conduct

Please keep in mind our code-of-conduct when participating in the community. We believe this code is essential to a healthy community and clearly in line with the values of DevOps.