Attesting Practically: Exploring the Glue Behind Secure Runtime Environments

Explore the practical applications of attestations in software supply chain security and secure runtime environments in this 40-minute conference talk. Gain insights into using Cosign, in-toto attestations, and VEX documents as connective tissue between scanners and policy engines like Kyverno. Learn how to create secure and auditable runtime environments through an end-to-end demonstration. Discover effective methods for reacting to software security threats, triaging issues, and enabling teams to focus on critical concerns amidst the noise and chaos of the software development landscape.