De Nederlandse Kubernetes Podcast

#131 Securing the Software Supply Chain in Kubernetes

Ronald Kers and Jan Stomphorst, Season 4, Episode 6

In this episode, Ronald and Jan talk with Zahra Dehghanpour (platform engineer at bol.com) and Feike Wierda (Senior DevOps Engineer @Bol. via HCS Company) about software supply chain security in Kubernetes environments.

Zahra shares her journey from development to platform engineering, driven by the constant challenges and unpredictability of working with infrastructure. Her earlier experience working in Iran, where infrastructure had to be built and maintained under constraints, shaped her approach to designing resilient and fault-tolerant systems.

Feike explains that software supply chain security covers everything that touches your software, from dependencies and tooling to people and processes. At bol.com, this is addressed by standardizing pipelines, controlling dependencies through internal repositories, and applying security scanning early in the process.

A key theme is balance: developers need freedom, but within secure guardrails. That’s why pipelines are not immediately blocked on vulnerabilities, but first used to provide visibility and gradually increase maturity.

The episode also highlights that security is never “done.” It’s an ongoing process where automation, better tooling, and AI will play an increasingly important role, especially in areas like code review and vulnerability management.
