SLSA compliance Archives

TLS, certificates, Docker, vulnerabilities, supply chain, KubeCon, SigStore, Kubernetes TrapX container security

Software Supply Chain Security: Why 99% of Your Container is Mystery Code

In a recent talk, the disparity between developers and platform engineers in container security was highlighted, revealing how a single line of code can pull in thousands of vulnerabilities. This article discusses ...

Jeroen van Erp | March 10, 2026 | Attestation, container security, Continuous Integration/Continuous Deployment (CI/CD), Dependency Management, Developer Relations, GitOps, Kubewarden, platform engineering, Provenance, Secure Base Images, SLSA compliance, Software Bill of Materials (SBOM), software supply chain security, Trust in Software Development., vulnerabilities

How Distroless Containers Defend Against npm Malware Attacks

The npm breach shows why distroless containers matter. Learn how minimal, continuously rebuilt images strengthen cloud-native supply-chain security ...