Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

CNCF [Cloud Native Computing Foundation]

In-Toto: Attestations and Software Supply Chain Security

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore the latest developments in software supply chain security through this 35-minute conference talk on in-toto, a framework designed to secure software supply chains. Delve into the introduction of the in-toto Attestation framework and its integration with systems like Jenkins, Tekton Chains, Sigstore, and rebuilderd. Learn how in-toto layouts can be used to verify attestations and understand efforts to collate attestation types. Gain insights into recent updates to in-toto implementations, usability enhancements, and integrations with CNCF projects such as Keylime and SPIFFE/SPIRE. Discover how in-toto aligns with SLSA recommendations and its role in GUAC's visualization and processing of metadata.

Syllabus

In-Toto: Attestations and More for Software Supply Chain Security - Aditya Sirish A Yelgundhalli

Taught by

CNCF [Cloud Native Computing Foundation]

Reviews

Start your review of In-Toto: Attestations and Software Supply Chain Security

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.