Roberto Carratala

EMEA Senior Cloud Services Black Belt specializing in Container Orchestration Platforms (OpenShift & Kubernetes), Cloud Services, DevSecOps, and CICD.


Securing CICD pipelines with StackRox and Sigstore

How can we ensure the security of our supply chain and verify that all container images deployed in our Kubernetes clusters are both signed and protected, preventing the deployment of malicious ones? What methods can we adopt to sign and verify container images within our CI/CD pipelines, thereby bolstering the security of our DevOps workflows? […]

Building Trust in the Software Supply Chain

Overview What steps can we take to establish trust in our Software Supply Chain and ensure that our software can be traced back to its origin without introducing malicious code or dependencies? Moreover, how can we integrate Open Source tools to enhance the security of our Software Supply Chain’s lifecycle? As we explained in our […]

Securing the integrity of Software Supply Chains

Overview How can we secure the integrity of our Software Supply Chains and have confidence that our software has not been tampered with and can be traced to its source? Which are the main parts of the software supply chain security? Before explaining how to secure the Software Supply Chain, we need first to understand […]