Talks
Cyberwisecon Europe 2024 : [EN] Cyberwisecon | Building a Trusted and Resilient Software Supply Chain
- Abstract:
In this talk, It will be presented the current state of the software supply chain, the significant global recent events (SolarWinds, log4shell, codecov, etc..), the state of the Open-Source ecosystem, the threats and the mitigations that can be applied using tools like Sigstore, Syft, and Grype for digital signatures, SBOM generation, and automatic vulnerability scanning and how to use them to improve the integrity and to gain unprecedented levels of knowledge of your digital artifacts and your cloud infrastructures.
- Slides
- Demo video
- Abstract:
PHPDAY 2024 - Verona: [ITA] PHPDAY 2024 | What is the secure software supply chain and the current state of the PHP ecosystem
- Abstract:
In this talk I’ll explain what is the Software Supply Chain, common threats and mitigations and how they apply to IAC ecosystem too. I’ll show off security threats using Terraform and its ecosystem and finally i’ll talk about OCI images talking about digital signatures and SBOM using Sigstore and Syft. I’ll do a live coding session showing off how to deploy secure OCI images on K8S cluster with security policies built with Kyverno, the session includes also security scanning using the generated SBOM
- Slides
- Demo repository
- Abstract:
Codemotion Milan 2023: [ITA] CodeMotion Milan 2023 | Deep dive into the secure software supply chain on IaC
- Abstract:
In this talk I’ll explain what is the Software Supply Chain, common threats and mitigations and how they apply to IAC ecosystem too. I’ll show off security threats using Terraform and its ecosystem and finally i’ll talk about OCI images talking about digital signatures and SBOM using Sigstore and Syft. I’ll do a live coding session showing off how to deploy secure OCI images on K8S cluster with security policies built with Kyverno, the session includes also security scanning using the generated SBOM.
- Slides
- Demo repository
- Abstract:
DrupalCon Lille 2023: [ENG] Drupal Lille 2023 | What is the secure software supply chain and the current state of the PHP ecosystem
- Abstract
In this talk I’ll present the current state of the software supply chain, the big global recent events (SolarWinds, log4shell, codecov, packagist) and the state of the PHP and Drupal ecosystem, the threats and the mitigations that can be applied using tools like Sigstore, Syft, and Grype for digital signatures, SBOM generation, and automatic vulnerability scanning and how to use them for real-world projects to gain unprecedented levels of knowledge of your digital artifacts.
- Slides
- Video
- Abstract
DrupalDevDays Vienna 2023: [ENG] DrupalDevDays Vienna 2023 | What is the secure software supply chain and the current state of the PHP ecosystem
- Abstract
In this talk I’ll present the current state of the software supply chain, the big global recent events (SolarWinds, log4shell, codecov, packagist) and the state of the PHP and Drupal ecosystem, the threats and the mitigations that can be applied using tools like Sigstore, Syft, and Grype for digital signatures, SBOM generation, and automatic vulnerability scanning and how to use them for real-world projects to gain unprecedented levels of knowledge of your digital artifacts.
- Video
- Abstract
IDI2023: [ITA] Incontro Devops 2023 | Deep dive nella security supply chain della nostra infrastruttura cloud
- Abstract:
L’infrastruttura come codice e le applicazioni cloud-native consentono di raggiungere livelli senza precedenti di efficienza e governance dei nostri servizi cloud, rendendoci capaci di creare infrastrutture immutabili e ripetibili, di poterci operare come se fossero applicazioni quindi versionando il codice, qa e test automatici e procedure di rilascio automatiche verso gli ambienti di destinazione. Più inseriamo codice nelle nostre infrastrutture, più estendiamo la superficie di attacco. In questo talk, esaminerò gli attacchi alla catena di approvvigionamento a diversi livelli, come rilevarli e le tecniche per mitigarli e come scrivere codice IaC più sicuro.
- Slides
- Sigstore-SBOM demo
- Abstract:
Sparkfabrik tech talk: K8S Retrogaming | A retro game machine build as a Kubernetes custom controller
- Abstract:
AdditronK8S is a retro game machine build as a Kubernetes custom controller and implemented in Javascript.
- Repository: https://github.com/paolomainardi/additronk8s-retrogames-kubernetes-controller
- Slides: https://www.slideshare.net/sparkfabrik/retro-gaming-machine-made-with-javascript-and-kubernetes-240654394
- Video: https://youtu.be/XlhSCWzgQ4k
- Abstract:
Sparkfabrik tech talk: Fortran: deployare una scheda perforata serverless con Cloud Run e Github Actions
The path to a serverless-native era with Kubernetes (Container Day 2019/Devdays 2019 Baku/Devopsdays Madrid)
- Slides: https://www.slideshare.net/sparkfabrik/containerday-2019-the-path-to-a-serverlessnative-era-with-kubernetes-1
- Video from Devopsdays Madrid 2020: https://www.youtube.com/watch?v=q52bEOIQTwk
Alibaba Cloud Container Service deep dive (ContainerDay 2018)
Gitlab ci e kubernetes, build test and deploy your projects like a pro (ContainerDay 2017)
Docker for Drupal developers (DrupalDevDays 2016)