YOLO Levels: Insecure Your Software Supply Chain!

There exists a widespread misperception that making your software supply chain secure is hard, that few companies can achieve SLSA level 4. We call bullshit. For instance, signing artifacts with Sigstore is easy. Making your software supply chain ultra insecure, on the other hand, is hard work. That’s why…

Kubernetes Meets SLSA

Kubernetes 1.23 was just released and is full of security improvements. The most exciting improvement to us is the release engineering work to bring the Kubernetes build process up to SLSA1 for hardened supply chain integrity!…

Introducing: Chainguard, Inc.

I am thrilled to announce our new company: Chainguard, Inc. on behalf of our founders: Matt Moore, Scott Nichols, Ville Aikas, Kim Lewandowski, and myself - Dan Lorenc. We are making software supply chains secure by default. The rapid rise of software supply chain attacks in the last three years…