Overview
Explore the process of building remote code attestations on GitHub to authenticate supply-chain metadata in this 39-minute talk by Asra Ali and Laurent Simon from Google. Learn about the importance of verifying software components and ensuring the integrity of the development pipeline. Discover techniques for implementing secure attestations, enhancing transparency, and mitigating risks in the software supply chain. Gain insights into best practices for maintaining trust and security in open-source projects hosted on GitHub.
Syllabus
Authenticating Supply-chain Metadata: Building Remote Code Attestations on GitHub
Taught by
Linux Foundation