Yeah, so welcome. Thanks everybody for joining us here in person and thank you everybody for attending virtually. It's been a long time since we've seen each other in person at one of these events and I can tell the community really needs to get back together like this. So I'm gonna start out with a couple logistics. My name is Dan Lawrence. I'm your host today for Supply Chain Security Con. We're gonna go over some logistics. The agenda for today, we have a bunch of in-person talks mixed with pre-recorded talks that we're gonna be playing. I'm gonna go over some of the rules and stuff too because we are still operating with the mask policy and everything. And then I'm going to play a pretty exciting video, the grand premiere of Operation SLSA for everybody before we kick off and jump into the talks.

So logistics for the day. Kim here is our virtual moderator. Here's your hand Kim. People watching remotely can ask questions in the chat and Kim will relay those questions to speakers. So if you're a speaker, you can answer questions from people here but also make sure you call on Kim too to relay any of the virtual questions and make sure to repeat the questions you're answering if they're in-person ones, so people watching live can understand what the questions were because they might not always be able to hear them.

The mask policy in this room, you have to have your mask on unless you are speaking up here. Right outside though, directly outside behind us is the snack and drink area. So once you go out there, you can take a seat, you can take a break, you can eat, you can drink. Lunch is all the way back toward reception. Lunch is gonna be, I think sometime around noon to check the exact schedule though. We have a couple of breaks planned. So make your way in and out during those breaks.

Cool. We have a bunch of talks today about some of the scary stuff in supply chain security. So I wanted to start out by focusing on some of the opposites.
So some of the highlights, some of the awesome work our community has done to start improving supply chain security rather than jump into the scary stats. There we are, we're back. So we've got a bunch of these, this is KubeCon. So we've got a bunch within Kubernetes itself. I wanted to give some shout-outs here to some of the awesome Kubernetes maintainers for doing work here to improve supply chain security. It's clapped. I don't know if Adolfo is here right now, but he did a ton of work to start producing SBOMs or software bill of materials for Kubernetes. And the last Kubernetes release in July. So this is a huge step forward. Oh, there you go. Awesome, raise your hand.

There's also been a huge effort in Kubernetes to start reducing the size and complexity of the dependency tree. This is what it looked like at one point. It's a complete mess. You have to zoom in to even see everything. But the Kubernetes team put together a bunch of pre-submit checks to actually monitor this over time and make sure that people don't accidentally increase complexity here. And it's actually led to a dramatic reduction in the dependency tree of Kubernetes, which is awesome for anybody in the ecosystem. So a conscious effort is required to reduce this and it's been having great results over time.

There's been a bunch of other work too in verifying the integrity of releases to prevent them from being tampered with. And I want to thank the Kubernetes team again. Adolfo, you can channel all of our clapping for Kubernetes really, this is to you here. But this goes out to everybody virtually too that's done a bunch of work here.

And then this is outside of Kubernetes too. The whole broader ecosystem has come together and really started attacking this problem head on. These are just some of the highlights we've seen across the open source space in general. The CNCF TAG Security group published a white paper and they're now working on a reference architecture.
SPDX, one of the formats for software bill of materials, has been accepted as an ISO standard. GitHub and companies involved in open source have started improving baseline security to make it harder for people to tamper with and forge code. The OpenSSF is another Linux Foundation effort dedicated to improving open source security. They're doing a huge giveaway of multi-factor authentication keys to contributors to projects to help improve security there too. There's been a bunch of other research and progress on binary transparency and other things like this too across the ecosystem. We've been coming together, we've been doing work in supply chain security and it's been having results. I just want to thank everybody for that and continue this process.

With that said, you're probably wondering why I'm wearing this $35 suit that I got. And that is because a group of secret agents came together as well to start working on what is called Operation SLSA. This is the grand premiere of episode one. So we're gonna tweet this link out right after and you'll be able to share it, but this will be up on YouTube any minute now. After this, we're gonna hand it over to the rest of our speakers. You turn the sound up.

You all know why you're here. Software supply chains all over the world are being hacked and we need to get to the bottom of it. Does everybody remember what SLSA is? Well, we don't have much salsa in Iowa. I expected more, fair day. It's just a dip for chips, right? Come on, Picante, let's get serious. Let me remind you, SLSA is the Supply chain Levels for Software Artifacts. It's a framework that you can use to ensure the integrity of your software supply chain. It ranges from levels one through level four and as you go higher in level, the more secure your software supply chain becomes. Today, we're going to use SLSA to figure out why software supply chains all over the world are being breached and we're going to use it to neutralize the threat.
Agent Queso, the screen. As I'm sure you've noticed, supply chain attacks have been increasing in the past few months and we've seen it in the mainstream news. Trillions of dollars have been lost and that's why it is more important than ever to secure your software supply chain. Your supply chain consists of many steps. From building your code, testing it, to deploying it to production. And you may be depending on different environments and using different services as well. That's why it's important to make sure that every step of the supply chain is secure. At every step, you are vulnerable to a different type of attack and that is why you need to take different measures to make sure that your entire chain is safe. Does anybody have any questions? Good. Agent Queso, water. These supply chains aren't going to secure themselves. Let's go.

I hope that sets the tone for the rest of the day and I want to hand it off to our next speaker.