Achieve software supply chain security using AWS Nitro Enclaves and GitHub Actions
Lv200
Lv200
Cloud deployments are complex, and securing them is even harder to achieve.
When we deploy applications into the cloud, many things can go wrong and break our defense.
What if the software being deployed has malware injected? How can we make sure the API we are connecting is not spoofed by attackers? These problems are even more concerning when it comes to sensitive components like personal information processing.
In this session, I’ll demonstrate how we can use AWS Nitro Enclaves and GitHub Actions to implement a Trusted Execution Environment and the software deployment pipeline with software supply chain security baked in, where we can verify every single API call in production, all the way back to its source code.
©JAWS-UG (AWS User Group - Japan). All rights reserved.