Explore the latest advancements in software supply chain security with this informative conference talk from KubeCon + CloudNativeCon Europe 2023. Delve into the world of in-toto, a CNCF Incubated project designed to enhance the security of software supply chains. Learn about recent community-driven developments, including improved artifact tracking for Git, GitBOM, SBOMs, and OCI images, as well as expanded attestation types for SLSA provenance and measured execution. Discover how in-toto integrates with cloud-native identity projects like SPIFFE and Sigstore. Gain insights into existing integrations with Tekton Chains, Jenkins, Gitlab Runners, and rebuiderd from the reproducible builds project. Explore opportunities to participate, collaborate, and implement in-toto to safeguard your own software supply chains. Get a glimpse of ongoing work involving Sigstore, SPDX, GitBOM, and other exciting features in this comprehensive 35-minute presentation by experts Santiago Torres-Arias and Aditya Sirish A Yelgundhalli.
Achieving End-to-End Software Supply Chain Security with in-toto
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Achieving End-To-End Software Supply Chain S... Santiago Torres-Arias & Aditya Sirish A Yelgundhalli
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
In-Toto: Attestations and Software Supply Chain Security
-
Navigating the Software Supply Chain Defense Landscape
-
Enforceable Software Supply Chain Policies and Attestations Using in-Toto
-
In-toto - Securing the Entire Software Supply Chain
-
Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain
-
Open Source Software Supply Chain Security - Understanding Threats and Best Practices
