►
From YouTube: Welcome and Kickoff! - Dan Lorenc, ChainguardRoom
Description
Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at https://kubecon.io The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Welcome and Kickoff! - Dan Lorenc, ChainguardRoom
A
Yeah,
so
welcome
thanks
everybody
for
joining
us
here
in
person
and
thank
you
everybody
for
attending.
Virtually
it's
been
a
long
time
since
we've
seen
each
other
in
person
at
one
of
these
events,
and
I
can
tell
the
community
really
needs
to
get
back
together
like
this,
so
I'm
going
to
start
out
with
a
couple
logistics.
A
My
name
is
dan
lawrence.
I'm
your
host
today
for
supply
chain
security.
Con
we're
gonna
go
over
some
logistics.
The
agenda
for
today
we
have
a
bunch
of
in-person
talks
mixed
with
pre-recorded
talks
that
we're
gonna
be
playing.
I'm
going
to.
B
A
Over
some
of
the
rules
and
stuff
too,
because
we
are
still
operating
with
the
mask
policy
and
everything,
and
then
I'm
going
to
play
a
pretty
exciting
video,
the
grand
premiere
of
operation
salsa
for
everybody
before
we
kick
off
and
jump
into
the
talks,
so
logistics
for
the
day
kim
here
is
our
virtual
moderator.
A
Raise
your
hand
kim
people
watching
remotely
can
ask
questions
in
the
chat
and
kim
will
relay
those
questions
to
speakers.
So
if
you're
a
speaker,
you
can
answer
questions
from
people
here,
but
also
make
sure
you
call
on
kim
2
to
relay
any
of
the
virtual
questions
and
make
sure
to
repeat
the
questions.
You're
answering
if
they're,
impersonal
and
so
people
watching
live
can
understand
what
the
questions
were,
because
they
might
not
always
be
able
to
hear
them.
A
The
mask
policy
in
this
room
you
have
to
have
your
mask
on
unless
you
are
speaking
up
here
right
outside,
though
directly
outside
behind
us,
is
the
snack
and
drink
area.
So,
once
you're
out
there,
you
can
take
a
seat,
you
can
take
a
break.
You
can
eat,
you
can
drink.
Lunch
is
all
the
way
back
toward
reception,
which
is
going
to
be.
I
think,
sometime
around
noon,
to
check
the
exact
schedule,
though
we
have
a
couple
breaks
planned
so
make
your
way
in
and
out
during
those
breaks.
A
Cool,
we
have
a
bunch
of
talks
today
about
some
of
the
scary
stuff
in
supply
chain
security.
So
I
wanted
to
start
out
by
focusing
on
some
of
the
opposites.
So
some
of
the
highlights
and
the
awesome
work
our
community
has
done
to
start
improving
supply
chain
security
rather
than
jumping
with
scary
stats.
A
A
Security,
don't
know
if
adolfo
was
here
right
now,
but
he
did
a
ton
of
work
to
start
producing
s,
bombs
or
software
bill
of
materials
for
kubernetes
and
the
last
kubernetes
release
in
july.
So
this
is
a
huge
step
forward.
Oh
there,
you
go
awesome,
raise
your
hand.
A
There's
also
been
a
huge
effort
in
kubernetes
to
start
reducing
the
size
and
complexity
of
the
dependency
tree.
This
is
what
it
looked
like
at
one
point:
it's
a
complete
mess.
You
have
to
zoom
in
to
even
see
everything,
but
the
kubernetes
team
put
together
a
bunch
of
pre-submit
checks
to
actually
monitor
this
over
time
and
make
sure
that
people
don't
accidentally
increase
complexity.
Here,
it's
actually
led
to
a
dramatic
reduction
in
the
dependency
tree
of
kubernetes,
which
is
awesome
for
anybody
in
the
ecosystem.
A
There's
been
a
bunch
of
other
work
too
and
verifying
the
integrity
of
releases
to
prevent
them
from
being
tampered
with,
and
I
want
to
thank
the
kubernetes
team
again
dolfo
you
can
channel
all
of
our
clapping
for
kubernetes
is
to
you
here,
but
this
goes
out
to
everybody
virtually
too
that's
done
a
bunch
of
work
here
and
then
this
is
outside
of
kubernetes
too.
The
whole
broader
ecosystem
has
come
together
and
really
started
attacking
this
problem
head-on.
These
are
just
some
of
the
highlights.
A
The
openssf
is
another
linux
foundation,
effort
dedicated
to
improving
open
source
security,
they're
doing
a
huge
giveaway,
multi-factor
authentication
keys
to
contributors
to
projects
to
help
improve
security.
There,
too,
there's
been
a
bunch
of
other
research
and
progress
on
binary
transparency
and
other
things
like
this
too.
Across
the
ecosystem
we've
been
coming
together,
we've
been
doing
work
in
supply,
chain
security
and
having
results.
I
just
want
to
thank
everybody
for
that
and
continue
this
process
with.
A
A
B
B
Let
me
remind
you:
salsa
is
the
supply
chain
levels
for
software
artifacts,
it's
a
framework
that
you
can
use
to
ensure
the
integrity
of
your
software
supply
chain.
It
ranges
from
levels
one
through
level,
four
and
as
you
go
higher
in
level,
the
more
secure
your
software
supply
chain
becomes
today
we're
going
to
use
salsa
to
figure
out
why
software
supply
chains
all
over
the
world
are
being
breached
and
we're
going
to
use
it
to
neutralize
the
threat
agent
queso.
The
screen.
B
This
is
a
big
problem,
as
I'm
sure
you've
noticed
supply
chain
attacks
have
been
increasing
in
the
past
few
months
and
we've
seen
it
in
the
mainstream
news.
Trillions
of
dollars
have
been
lost
and
that's
why
it
is
more
important
than
ever
to
secure
your
software
supply
chain.
Your
supply
chain
consists
of
many
steps
from
building
your
code
testing
it
to
deploying
it
to
production,
and
you
may
be,
depending
on
different
environments
and
using
different
services
as
well.