February 1-2, 2023 | Seattle, WA

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for CloudNativeSecurityCon North America 2023 to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Wednesday, February 1 • 11:00am - 11:35am
How to Secure Your Supply Chain at Scale - Hemil Kadakia & Yonghe Zhao, Yahoo

In this session we will present a high-level system that protects against attacks — like unauthorized access, exploitation of known vulnerabilities, and injection of malicious software — by integrating open source tools such as Grafeas, Sigstore, Screwdriver, Kyverno & Anchore. In short, it provides a unified solution for securing various aspects of the software supply chain. As one of the top ten visited websites on the Internet, Yahoo's massive scale across hybrid cloud and mobile platforms makes the security of our brands paramount — especially in today's evolving software supply chain landscape. This talk will deep dive into our primary use cases of source code scanning, security misconfiguration detection, vulnerability management, and protecting K8s deployments using dynamic policies. Attendees will leave with a framework for successfully managing the same tools Yahoo uses to simplify the developer experience.


Hemil Kadakia

Principal Software Engineer, Yahoo
Hemil Kadakia has been leading the effort of software supply chain security at Yahoo and likes developing tools for making developers' lives easier. He has also been a contributor to open source projects like Grafeas, Kyverno & Grafeas-RDS.

Yonghe Zhao

Software Engineer, Yahoo
Yonghe Zhao is a Software Dev Engineer in the Paranoids group at Yahoo. He is responsible for designing & implementing security-related software systems at Yahoo. He uses Go, AWS, Ansible, Docker, Kubernetes, and PostgreSQL in his daily work.

Wednesday February 1, 2023 11:00am - 11:35am PST
Room 606/607
  Supply Chains