Securing Your Supply Chain by Building with FRSCA - Michael Lieberman, Kusari
FRSCA (pronounced Fresca) is an OpenSSF project ([ Link ]) that secures the software supply chain by helping secure the build pipeline. FRSCA is an implementation of the CNCF's Secure Software Factory Reference Architecture. FRSCA is both a suite of build, signing, identity, and other tools and a set of abstractions intended to make secure build pipelines simple and straightforward to create. It follows common security standards and frameworks like SLSA ([ Link ]) and NIST's SSDF. It also makes it easy to generate attested metadata such as software bills of materials (SBOMs) and SLSA attestations. In this talk Michael will explore how the Secure Software Factory Reference Architecture was designed to protect against supply chain compromise originating in your build pipeline. He will show some common supply chain attacks and how they can be used to compromise downstream software you build, distribute, and operate. Afterwards he will show how you can use FRSCA to prevent, react to, and audit these attacks.