Mind the Gap: Bridging Supply Chain Policy With Git-less GitOps... Michael Lieberman & Andrew Martin
Michael Lieberman, Andrew Martin
KubeCon + CloudNativeCon Europe 2025 · Session
With software delivery cycles accelerating and supply chain attacks becoming more sophisticated, securing the software supply chain has become a central concern for organizations worldwide. This talk, "Mind the Gap: Bridging Supply Chain Policy With Git-less GitOps," delivered by Michael Lieberman and Andrew Martin at KubeCon + CloudNativeCon Europe 2025, covers strategies and open-source tooling for addressing these challenges. The presentation highlights the need for robust provenance, verifiable software composition, and efficient vulnerability remediation, particularly in light of emerging regulatory frameworks such as the European Union's Cyber Resilience Act (CRA).
AI review
This talk presents a candid and actionable vision for securing the software supply chain. Building on open-source projects such as GUAC, it introduces architectural patterns including Git-less GitOps with OCI artifacts and granular policy enforcement via CEL. The speakers, who are deeply involved in these projects, lay out a strategy that addresses both the threat of supply chain attacks and the coming compliance burden of the EU CRA, offering concrete tools and methodologies that will shift how serious organizations approach…