Tuesday November 12, 2024 10:40am - 11:05am MST
Minder is an open-source project to secure software supply chains, starting with repository security. While Minder provides a gRPC API for user interactions, it also operates continuously in the background, detecting and reacting to supply chain events. In this talk, we’ll describe how this background operation evolved from ad-hoc webhooks into an asynchronous event-driven platform with multiple services. Our journey began with asynchronous flows, starting with Go channels and then using Watermill with a SQL database for events. This worked great for a single binary but had issues when sharing the database between two applications – each attempted to enforce its own schema on the shared database. The problem gets worse when trying to interoperate between languages – the Watermill library we used doesn’t support Python or NodeJS. The next step we’re undertaking is to migrate to using CloudEvents – a common schema which can be evolved independently of the specific components.
Speakers

Evan Anderson

Software Engineer, Stacklok
Co-founder and maintainer on Knative project. Member of sigstore-oncall. Previously worked on Google Compute Engine and Serverless (App Engine, Functions) and in SRE. Principal engineer at Stacklok. Ex-Google, ex-VMware. Author of Building Serverless Applications on Knative by O'Reilly...

Vyom Yadav

CNCF Ambassador, Canonical
Vyom is a recent graduate and CNCF Ambassador working on Canonical's Security Team. His focus areas include vulnerability management, patching, and software supply chain security. Vyom has been involved in open source since his freshman year, participating in programs like Google...
Salt Palace | Level 1 | 151 G