The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Software supply chain attacks are an emerging threat for today’s enterprises. An attacker first gains access to the target enterprise's internal network, typically through social engineering. Next, the attacker gains administrator access to the enterprise's software supply chain. Finally, the attacker injects a backdoor into a built artifact and steals confidential information or digital assets from the enterprise or, even worse, from its customers.
A critical attack surface here is the administrator of the software supply chain. Confidential Containers is an open source project that protects containers from administrators by using trusted execution environments (TEEs). It protects a Kubernetes pod from a cluster administrator by running the pod inside a TEE and validating the pod by remote attestation.
This talk presents a use case of Confidential Containers to protect a Tekton task. You will understand how Confidential Containers protects a task and artifacts even when the cluster administrator is compromised.
Tatsushi is working on research to enhance the security of IBM Z. He has contributed to various open source projects and has recently been contributing to Confidential Containers, a sandbox project of the Cloud Native Computing Foundation.
We all know that observability is a must-have for operating systems in production. But we often neglect our own backyard - our software release process. As a result, we also lack standardization, and each CI/CD tool invents its own way of reporting on pipeline runs, which causes fragmentation, lock-in, and difficulty leveraging existing observability tools.
We've been talking about the need for a common "language" for reporting and observing CI/CD pipelines for years, and finally, we see the first "words" of this language entering the "dictionary" of observability - the OpenTelemetry open specification and semantic conventions. In this talk, the OTel CI/CD SIG leads will share the need and the work of the SIG.
Join us to learn about this new SIG, its role, the milestones achieved and roadmap ahead. The talk will also discuss the alignment with adjacent open source communities such as the CDF's Jenkins and CDEvents and the Eiffel community.