verifa · rubyrat · Jun 20, 2024 · Jun 20, 2024
diff --git a/posts/devops-finland-practical-software-supply-chain-security.md b/posts/devops-finland-practical-software-supply-chain-security.md
@@ -0,0 +1,57 @@
+---
+type: Event
+title: A practical take on Software Supply Chain Security
+subheading: A talk at DevOps Finland on the SLSA framework, SBOM (Software Bill of Materials) and the current state of software supply chain security in general.
+authors:
+- mvainio
+tags:
+- devsecops
+date: 2024-06-19
+image: "/static/blog/devops-finland-meetup-practical-software-supply-chain-security-talk/devops-finland-practical-software-supply-chain-security.png"
+featured: false
+---
+
+**A talk at DevOps Finland on the SLSA framework, SBOM (Software Bill of Materials) and the current state of software supply chain security in general.**
+
+## Abstract
+
+A practical take on the SLSA framework, SBOM (Software Bill of Materials) and the current state of software supply chain security in general. Instead of a deep dive, this talk focused on why should you care about supply chain security and what concrete steps can be taken to improve your security posture. 
+
+## What’s covered?
+
+- Current state of software supply chain security
+- SBOM (Software Bill of Materials)
+- SLSA framework (Supply-chain Levels for Software Architects)
+- Example of Provenance and Signing with GitHub Actions
+
+<object
+    type="application/pdf"
+    data="/static/blog/devops-finland-meetup-practical-software-supply-chain-security-talk/devops-finland-practical-software-supply-chain-security.pdf"
+    width="100%"
+    height="410">
+    <p>Oops! Your browser does not support PDFs. <a href="/static/blog/devops-finland-meetup-practical-software-supply-chain-security-talk/devops-finland-practical-software-supply-chain-security.pdf" download="devops-finland-practical-software-supply-chain-security.pdf">Download the slides</a> instead.
+</object>
+
+<a href="/static/blog/devops-finland-meetup-practical-software-supply-chain-security-talk/devops-finland-practical-software-supply-chain-security.pdf" download="devops-finland-practical-software-supply-chain-security.pdf">Download presentation.</a>
+
+## Links
+
+[DevOps Finland meetup](https://www.meetup.com/devops-finland/)
+
+[Software Supply Chain Best Practices by CNCF](https://github.com/cncf/tag-security/blob/main/supply-chain-security/supply-chain-security-paper/CNCF_SSCP_v1.pdf)
+
+[9th Annual State of the Software Supply Chain by Sonatype](https://www.sonatype.com/state-of-the-software-supply-chain/Introduction)
+
+[Supply Chain Threats, SLSA](https://slsa.dev/spec/v1.0/threats-overview)
+
+[SLSA Provenance, SLSA](https://slsa.dev/spec/v1.0/provenance)
+
+[Sigstore - signing, verification and provenance checks](https://www.sigstore.dev/how-it-works)
+
+[Google Cloud Build Build Provenance](https://cloud.google.com/build/docs/securing-builds/view-build-provenance)
+
+[GUAC](https://github.com/guacsec/guac) 
+
+---
+
+If you need help optimising your software development and continuous delivery processes, don’t hesitate to [**get in contact with us!**](https://verifa.io/contact/)
diff --git a/...re-supply-chain-security-talk/devops-finland-practical-software-supply-chain-security.pdf b/...re-supply-chain-security-talk/devops-finland-practical-software-supply-chain-security.pdf
diff --git a/...chain-security-talk/devops-finland-practical-software-supply-chain-security.png b/...chain-security-talk/devops-finland-practical-software-supply-chain-security.png