
Exploring Key Trends In Securing The Software Supply Chain With Kenny Johnston, GitLab


Although there is an increasing number of applications being deployed on Kubernetes clusters, managing the applications and ensuring the security of the software supply chain continue to be key considerations. While there is a growing awareness of the need to produce a software bill of materials (SBOM), organizations need a better understanding of the different components of the Supply-chain Levels for Software Artifacts (SLSA) as a whole.

In this episode of TFiR Let’s Talk recorded at KubeCon + CloudNativeCon EU, Swapnil Bhartiya sits down with Kenny Johnston, Senior Director of Product Management at GitLab, to discuss the trends in securing the software supply chain and what is new in GitLab 15.

  • There is a trend toward operationalizing cloud-native infrastructure, such as enabling developers to easily deploy it and ensuring that the software that is being deployed to the cloud-native environment is secure. Johnston shares his insights into the trends he is seeing.
  • GitLab is seeing a pattern where larger organizations are creating platform teams to help their developers use tools that are endorsed by the central organization in order to ship code easily without some of the overhead. Johnston explains how GitLab is enabling that relationship between platform and ops teams.
  • More applications are getting deployed to Kubernetes clusters closer to the edge. Johnston discusses the challenges with the complexity of managing more applications and operating a platform of that size.
  • GitLab 15 aims to improve observability, security and compliance, end-to-end enterprise agile management, and data and MLOps. Johnston goes into detail about what is new in GitLab 15 and how it will help developers.
  • There needs to be greater awareness of securing the software supply chain. Johnston feels that although one of the components of the SLSA levels is an SBOM and organizations are aware they need to produce one, other components play an important role and organizations need a better understanding of them.
  • Organizations need more awareness of the different types of vulnerabilities so that they can better distinguish critical from non-critical vulnerabilities and know what they are shipping. Johnston explains why he feels this is so critical.

Connect with Kenny Johnston (LinkedIn, Twitter)

The summary of the show is written by Emily Nicholls.

