Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

CNCF [Cloud Native Computing Foundation]

Achieving End-to-End Software Supply Chain Security with in-toto

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore the latest advancements in software supply chain security with this informative conference talk from KubeCon + CloudNativeCon Europe 2023. Delve into the world of in-toto, a CNCF Incubated project designed to enhance the security of software supply chains. Learn about recent community-driven developments, including improved artifact tracking for Git, GitBOM, SBOMs, and OCI images, as well as expanded attestation types for SLSA provenance and measured execution. Discover how in-toto integrates with cloud-native identity projects like SPIFFE and Sigstore. Gain insights into existing integrations with Tekton Chains, Jenkins, Gitlab Runners, and rebuiderd from the reproducible builds project. Explore opportunities to participate, collaborate, and implement in-toto to safeguard your own software supply chains. Get a glimpse of ongoing work involving Sigstore, SPDX, GitBOM, and other exciting features in this comprehensive 35-minute presentation by experts Santiago Torres-Arias and Aditya Sirish A Yelgundhalli.

Syllabus

Achieving End-To-End Software Supply Chain S... Santiago Torres-Arias & Aditya Sirish A Yelgundhalli

Taught by

CNCF [Cloud Native Computing Foundation]

Reviews

Start your review of Achieving End-to-End Software Supply Chain Security with in-toto

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.