Loading…
Open Source Summit + Embedded Linux Conference North America... has ended
May 18-20, 2026
Minneapolis, MN
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central DaylightTime (UTC -5). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
← Back to schedule
Lightning Talk: Built Clean. Receipts Attached - Adolfo García Veytia, Carabiner Systems & Alex Zenla, Edera
Tuesday May 19, 2026 3:25pm - 3:35pm CDT
200C (Level Two)
Security frameworks such as SLSA require software builds to run in isolated environments to guarantee they are “free of unintended external influence”. In practice, this means full control of the runtime environment and every dependency entering a build, ensuring no malware slips into released software
But how can you verify isolation after the fact? How do you know a container image or binary was compiled in a truly hermetic environment, free from tampering processes or hidden tooling? Can you confidently prove your release used only the dependencies declared in your SBOM?
In this talk, Marina and Puerco will demonstrate practical techniques to verify build isolation and runtime characteristics. Want cryptographic proof of hermetic builds? We’ll show it. Need confidence in software components and complete SBOM coverage? Covered. Trace provenance to the exact VM that executed the build? Absolutely.
Using Cocoon, an open source build packager running inside Edera Protect isolated zones, we will verify attested machine identity via SPIFFE SVIDs, environment features, and SBOM completeness, all enforced with reusable policy code powered by technologies like in-toto, SLSA and Sigstore.
Speakers
avatar for Alex Zenla

Alex Zenla

CTO, Edera
Alex is a Founder & CTO at Edera, building technology for securing containers using hypervisors in Rust. She has contributed to many open source projects including Chromium, Chromium OS, Dart, and Ubuntu, some as early as 11 years old. Alex started in the corporate world at the age... Read More →
avatar for Adolfo Garcia Veytia

Adolfo Garcia Veytia

Founding Engineer, Carabiner Systems
Adolfo García Veytia (@puerco) is one of the Kubernetes SIG Release Technical Leads and actively works on the Release Engineering team. He specializes in improving the software that drives the automation behind the Kubernetes release process. He is also the creator of the OpenVEX... Read More →
Tuesday May 19, 2026 3:25pm - 3:35pm CDT
200C (Level Two)
  cdCon

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Event Planning App Privacy Terms
Share Modal

Share this link via

Or copy link