Explore the latest developments in software supply chain security through this 35-minute conference talk on in-toto, a framework designed to secure software supply chains. Delve into the introduction of the in-toto Attestation framework and its integration with systems like Jenkins, Tekton Chains, Sigstore, and rebuilderd. Learn how in-toto layouts can be used to verify attestations and understand efforts to collate attestation types. Gain insights into recent updates to in-toto implementations, usability enhancements, and integrations with CNCF projects such as Keylime and SPIFFE/SPIRE. Discover how in-toto aligns with SLSA recommendations and its role in GUAC's visualization and processing of metadata.
In-Toto: Attestations and Software Supply Chain Security
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
In-Toto: Attestations and More for Software Supply Chain Security - Aditya Sirish A Yelgundhalli
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Achieving End-to-End Software Supply Chain Security with in-toto
-
Enforceable Software Supply Chain Policies and Attestations Using in-Toto
-
Navigating the Software Supply Chain Defense Landscape
-
Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain
-
Developer Security Champion: Supply Chain Security
-
Secure Release Processes with in-Toto Policy Verification
