Attending this event?
19-22 March
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Central European Standard Time (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
Wednesday, March 20 • 16:30 - 17:05
Securing the Supply Chain with Sigstore Artifacts Signatures at Scale - Dmitry Savintsev & Yonghe Zhao, Yahoo

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

An exploration into Yahoo’s year-long integration journey of Sigstore, enhancing Supply Chain Security through verifiable "certificates of origin" for artifacts. Despite the challenges of scaling Sigstore in a high-traffic environment, the Paranoids — Yahoo’s information security organization — successfully secured around 60,000 daily builds, spanning 700 clusters and 100,000 pods. Join us as we: * Showcase the image signing and verification process, sharing insights from our experiences. Learn about the enhancements we implemented in Sigstore and cosign to achieve an "enterprise-grade" deployment at Yahoo's scale. * Delve into how we adapted these components to Yahoo’s corporate environment where we have our own certificate authority and identity provider (Athenz). Attendees will leave this session with the knowledge to seamlessly implement Sigstore in their Continuous Integration (CI) pipelines, customized to their specific components and enterprise architecture.

avatar for Dmitry Savintsev

Dmitry Savintsev

Paranoid, Yahoo
Dmitry Savintsev is a veteran Yahoo Paranoid (Security Engineer) with over 20 years of experience in the areas of Software Development and Security with the emphasis on their combination. As part of the internal R&D team, he works on large-scale projects to improve security of the... Read More →
avatar for Yonghe Zhao

Yonghe Zhao

Software Dev Engineer, Yahoo
Yonghe Zhao is a Software Dev Engineer at Yahoo. He is responsible for designing & implementing security-related software systems at Yahoo. A pragmatic lifelong learner, he brings a proactive and results-oriented approach to his work.

Wednesday March 20, 2024 16:30 - 17:05 CET
Pavilion 7 | Level 7.1 | Room D
  • Content Experience Level Any
Feedback form isn't open yet.