CNCF [Cloud Native Computing Foundation]

Enforceable Software Supply Chain Policies and Attestations Using in-Toto

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore enforceable software supply chain policies and attestations using in-toto in this 35-minute conference talk presented by Alan Chung Ma and Santiago Torres-Arias from Purdue University. Delve into the importance of capturing metadata to demonstrate supply chain integrity in light of cybersecurity regulations and high-profile attacks like SUNBURST. Learn how CNCF projects such as in-toto and Witness generate machine-verifiable attestations, and understand the role of frameworks like SLSA in guiding attestation generation. Discover specific policies that can defend against notable supply chain attacks, and gain insights into configuring in-toto to mitigate such threats. Examine the TAG-Security catalog of supply chain attacks and their relevance to SLSA specifications and US/EU regulations. Gain valuable knowledge to enhance your organization's software supply chain security and compliance efforts.

Syllabus

Enforceable Software Supply Chain Policies and Attestations Using in-Toto

Taught by

CNCF [Cloud Native Computing Foundation]
