Explore the process of building remote code attestations on GitHub to authenticate supply-chain metadata in this 39-minute talk by Asra Ali and Laurent Simon from Google. Learn about the importance of verifying software components and ensuring the integrity of the development pipeline. Discover techniques for implementing secure attestations, enhancing transparency, and mitigating risks in the software supply chain. Gain insights into best practices for maintaining trust and security in open-source projects hosted on GitHub.
Authenticating Supply-chain Metadata - Building Remote Code Attestations on GitHub
Overview
Syllabus
Authenticating Supply-chain Metadata: Building Remote Code Attestations on GitHub
Taught by
Linux Foundation
Tags
Related Courses
-
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
-
GitHub Supply Chain Security Using GitGat
-
Enforceable Software Supply Chain Policies and Attestations Using in-Toto
-
In-Toto: Attestations and Software Supply Chain Security
-
Zero-Trust Supply Chain Security with Sigstore, TektonCD and SPIFFE
-
Demystify Secure Software Supply Chain Metadata
