We are so glad to collab with [Arlington & DC Cloud Meetup](https://www.meetup.com/dc-arlington-cloud-meetup/) and [AWS Cloud Security NOVA](https://www.meetup.com/aws-security/) again! Hosted right back at the [Matrix Group International ](https://www.matrixgroup.net/)Offices!

Many highly visible and prominent software supply chain attacks have caused teams to rethink how their software is built and delivered. The sprawl of open source ecosystems has exacerbated the challenge of vetting software artifacts. One strong countermeasure is [sigstore](https://www.sigstore.dev/), a free keyless signing service for developers that improves the security of the software supply chain through integrity verification and non-repudiation of artifacts as they pass from dev to prod.

This talk will cover some of the key technologies that make sigstore possible so developers can generate ephemeral keys that never even touch disk with just an OIDC login. We will also talk about how sigstore is a key component for DevOps initiatives that have supply chain objectives or are adopting frameworks such as SLSA and NIST SSDF. Finally, we will use our imaginations to think about some of the possibilities that we can build off of the sigstore components such real time continuous compliance and immutable CI/CD audits.

**Meet the Speaker:**
[John Osborne](https://www.linkedin.com/in/johnfosborneiii/) is a Software Supply Chain Architect at Chainguard focusing on end-to-end integrity of software artifacts. Most of his time is spent helping customers along their software supply chain journey with SLSA or NIST SSDF. He’s been active in cloud-native communities for the past 7 years. Prior to his arrival at Chainguard, he spent 9 years at Red Hat, most recently as the NA Practice Lead for DevSecOps. He also spent 7 years as the Infrastructure Lead for a large U.S. Navy program and several years at a telco startup. He has his MS Software Engineering, MBA, and is also co-author of OpenShift In Action. He currently lives in Vienna, Virginia.

**Housekeeping / Logistics:**

* Food & Beverage : Pizza and soft drinks!
* The event will be HYBRID; Zoom link to be shared shortly before the event, most likely the day before or day of.
* Please see the information about COVID regulations for this event.
* Also see the notes about transportation.
* This is a joint meetup with 3 other local groups so RSVP quickly to save your spot.

• 6:00 - 6:30 - Meet and Greet
• 6:30 - 6:45 - Introductions and Announcements
• 6:45 - 7:30 - Speakers
• 7:30 - 8:00 - Closing Remarks and Networking

Thank you to our sponsor [Chainguard, Inc](https://www.chainguard.dev/)!
Applying Zero-Trust principles to supply chain security to make the software lifecycle secure by default. We help organizations manage their open source and overall software supply chain security risk.

Check out the links to our [GitHub](https://github.com/devopsdc/devopsdc) repository for additional details!
Follow us on [Twitter](https://mobile.twitter.com/devopsdc), [LinkedIn](https://www.linkedin.com/groups/14042407/), or [Slack](https://dctechslack.com)!
We value the participation of each member of the community and want all attendees to have an enjoyable and fulfilling experience. To make clear what is expected, all delegates/attendees, speakers, exhibitors, organizers, and volunteers at any DevOpsDC event are required to conform to our [Code of Conduct ](http://www.meetup.com/DevOpsDC/pages/Code_of_Conduct/).

  • Get the latest DevOps jobs, events and curated articles straight to your inbox, once a week

  • Community Partners