Achieving End-to-End Software Supply Chain Security with in-toto
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Explore the latest advancements in software supply chain security with this informative conference talk from KubeCon + CloudNativeCon Europe 2023. Delve into the world of in-toto, a CNCF Incubated project designed to enhance the security of software supply chains. Learn about recent community-driven developments, including improved artifact tracking for Git, GitBOM, SBOMs, and OCI images, as well as expanded attestation types for SLSA provenance and measured execution. Discover how in-toto integrates with cloud-native identity projects like SPIFFE and Sigstore. Gain insights into existing integrations with Tekton Chains, Jenkins, GitLab Runners, and rebuilderd from the Reproducible Builds project. Explore opportunities to participate, collaborate, and implement in-toto to safeguard your own software supply chains. Get a glimpse of ongoing work involving Sigstore, SPDX, GitBOM, and other exciting features in this comprehensive 35-minute presentation by experts Santiago Torres-Arias and Aditya Sirish A Yelgundhalli.
Syllabus
Achieving End-To-End Software Supply Chain S... Santiago Torres-Arias & Aditya Sirish A Yelgundhalli
Taught by
CNCF [Cloud Native Computing Foundation]