Stories

Automating trust in the supply chain

Supply chain security needs to be integrated into CI/CD Pipelines. This session will cover practical and useful techniques that many enterprises can use.

In today's world, open-source software has become a crucial component of enterprise software development, with 90% of enterprises utilizing it and 96% of codebases containing open-source components (Gartner). However, this also presents a significant security risk, as a recent survey predicts that 45% of enterprises will experience software supply chain attacks by 2025.

At Northwestern Mutual, we understand the importance of securing the software supply chain and have implemented an approach that prioritizes efficiency, speed, and security in our software development process. Our goal is to modernize and incorporate a "trust but verify" mentality into our CI/CD pipeline.

Join us as we share our journey of implementing automation in supply chain security, including the lessons learned and the mysteries unraveled surrounding software dependency chains. We will also share practical techniques to help you avoid a potential supply chain breach, providing you with knowledge and tools to safeguard your enterprise's valuable assets.

Ravi Devineni
Sr. Director of Engineering, Northwestern Mutual
Bobbi Wenzler
Lead Technical Product Manager, Northwestern Mutual
Ravi Devineni

Related talks

Stories
Meta dogfooding: How Cloudsmith used Cloudsmith to build Cloudsmith
During this talk, I'll delve into the core of our platform engineering operations: how we host internal artifacts, how we consume artifacts, and how we get these into production.
Jack Gibson
Software Engineer, Cloudsmith
sponsored
Stories
Development portal: Unleash the best for your developers and more!
Discover Intuit's in-house built developer portal journey which serves 5000+ developers and another 4000+ non-developer personas, and learn how we shifted from developer portal to development portal.
Praneet Singh
Senior Product Manager - Developer Portal, Intuit
sponsored
Stories
Navigating the future of Terraform and OpenTofu
In this talk you will learn about Terraform and OpenTofu and how to navigate both projects.
Sören Martius
Founder and CEO, Terramate
sponsored
Stories
Building a self-service platform for legacy to Kubernetes migration at IndMoney
At IndMoney we had a lot of legacy services running on a mix of EC2 and ECS-based containerized workloads, so we designed a service platform to assist with the migration. Join this talk to learn how we built a platform that assisted developers in migrating their services from EC2/ECS to EKS with zero network disturbances, and generated metrics for developers to track.
Harsh Singh
Principal Engineer, Indian Stocks, INDMoney
sponsored

Register for PlatformCon 2024

Connect with fellow platform practitioners, learn from the best in the industry and engage directly with speakers on Slack.
Community
Join over 17k platform engineers from all over the world
Slack
Share best practices, discuss new trends and tooling with 17k+ platform practitioners
Speakers
Engage with 100+ speakers in dedicated channels or directly in DMs