# CloudNative(FM) show notes (Episode No 48) ### (Learning the Supply Chain Security The Right Way) Supply chain security is a multifaceted, complex, and currently unsolved problem, and today’s guest is determined to change that. In this episode, Adolfo Garcia Veytia a.k.a @puerco shares the various open source communities that he is involved with, the numerous different elements of supply chain security that need to be addressed, and where and how to start, as well as how he feels about the future of this sector that he is so invested in. He promises me to share his best moment of KubeCon valencia. [@puerco on KubeCon 2022](https://www.youtube.com/watch?v=ffiaA__8UAE) #### KubeCon Tweets * [Taylor Keynote](https://twitter.com/cloudnativeboy/status/1527275579711660032/photo/1) * [Puerco Rocking at the KubeCon stage](https://twitter.com/cloudnativeboy/status/1527276295364673537) * I have missed meeting the bestest people from CNCF community [Chris Short | Duffie Cooley](https://twitter.com/cloudnativeboy/status/1527316949406863360/photo/1) * [Wanclouds at IBM Booth at KubeCon (Multi Cloud Migration and DRAAS)](https://twitter.com/cloudnativeboy/status/1527330651825139713) #### What is ChainGuard? Secure your software supply chains faster. 🐦 [Twitter](https://twitter.com/chainguard_dev) 🌏 [Website](https://www.chainguard.dev/) 🙌 [LinkedIn](https://www.linkedin.com/company/chainguard-dev/) ⭐️ [GitHub](https://github.com/chainguard-dev) #### ChainGuard [A Company packed with tech Super Stars] ##### KubeCon Talks * [Registries After Dark, Part 2: Distributed Random Access Merkledags](https://www.youtube.com/watch?v=Xt_G-pUArTM) * [Securing Your Container Native Supply Chain with SLSA, Github and Tekton](https://www.youtube.com/watch?v=iZpFtalj4xE) * [Make the Secure Kubernetes Supply Chain Work for You](https://www.youtube.com/watch?v=ffiaA__8UAE&t) * [Kubernetes SIG CLI: Intro and Updates](https://www.youtube.com/watch?v=eOxy1PS5TyQ) * [Releasing Kubernetes Less Often and More Secure](https://www.youtube.com/watch?v=qhQYu077zZU&t=144s) ##### ChainGuard Live [Chainguard Live: All About That Base Image](https://www.youtube.com/watch?v=iqY8DTYqLW0) #### ChainGuard blogs ⚡ Introducing Chainguard Images: The first container base images designed for a secure software supply chain! ✅ Painless Vulnerability Management ✅ SBOM included ✅ Easy Compliance (FIPS, SLSA) ✅ Built on Open Source and Standards [Announcing the First Images Designed for a Secure Software Supply Chain](https://blog.chainguard.dev/announcing-chainguard-images/) 🛡️ New: Chainguard Enforce ✔️ Seamless Developer Experience ✔️ Integrates into your workflows ✔️ Know what’s running where and when [Introducing Chainguard Enforce: A pragmatic solution for software supply chain security](https://blog.chainguard.dev/introducing-chainguard-enforce-a-pragmatic-solution-for-software-supply-chain-security/) [What an SBOM Can Do for You](https://blog.chainguard.dev/what-an-sbom-can-do-for-you/) [Dealing with Multiple SBOMs](https://blog.chainguard.dev/dealing-with-multiple-sboms/) #### More Good News for ChainGuard family [Chainguard Raises $50M in Series A to Make Software Supply Chain Secure by Default, Introduces Secure Container Base Images](https://blog.chainguard.dev/chainguard-raises-50m-in-series-a-to-make-software-supply-chain-secure-by-default-introduces-secure-container-base-images/) #### A Crash Course in Software Supply Chain Security [Start Learrning](https://blog.chainguard.dev/a-crash-course/) #### Blog written by Dan Lorenc [Kubernetes 1.24 will be the first release officially using Sigstore, enabling seamless verification of signatures to protect against supply chain attacks across the 5.6m developer community](https://blog.sigstore.dev/kubernetes-signals-massive-adoption-of-sigstore-for-protecting-open-source-ecosystem-73a6757da73) #### Learn Supply Chain Security from Tech Super Stars at ChainGuard [Dan Lorenc](https://twitter.com/lorenc_dan) [@n3wscott](https://twitter.com/n3wscott) [Adolfo García Veytia](https://twitter.com/puerco) [Priya Wadhwa](https://twitter.com/priyawadhwa16) [Kim Lewandowski](https://twitter.com/kimsterv) [Matt Moore](https://twitter.com/mattomata) [Jason](https://twitter.com/ImJasonH) [Carlos Panato](https://twitter.com/comedordexis) #### CNCF Blogs * [Announcing the Refreshed Cloud Native Security Whitepaper](https://www.cncf.io/blog/2022/05/18/announcing-the-refreshed-cloud-native-security-whitepaper/) * [Cloud Native Maturity Model 2.0](https://www.cncf.io/blog/2022/05/18/cloud-native-maturity-model-2-0/) #### KubeCon Valencia 2022 Wrapup * [Rich Burroughs](https://loft.sh/blog/kubecon-valencia-2022-wrapup/) #### CloudNativeFM Previous Epiosdes * [Story of Five At Chainguard | CLOUDNATIVE.FM Ep 27](https://www.youtube.com/watch?v=2FOg-g2GX6A&t=1379s) * [OSS Supply Chain Security Deep Dive with Dan Lorenc | CLOUDNATIVE.FM Ep 23](https://www.youtube.com/watch?v=JhFr5_PQS_Y&t=1350s) * [OSS Supply Chain Security With TektonCD With Dan Lorenc | CLOUDNATIVE.FM Ep 24](https://www.youtube.com/watch?v=2G30htG21q8&t=2s) * [Cloud Native CI/CD On AWS using Tekton | CLOUDNATIVE.FM Ep 41](https://www.youtube.com/watch?v=7q20TxSolFo&t=421s) #### CloudNativeFM Next Week * [Introduction to VPC+ and DRAAS from C.E.O Faiz Khan Wanclouds]