Explore the CNCF incubator project In-toto and its application in protecting software supply chains for cloud-native environments and confidential containers. Learn how In-toto ensures software integrity from initiation to end-user installation by providing transparency on executed steps, actors involved, and execution order. Discover how In-toto allows users to verify the legitimacy of supply chain steps and actors, addressing various software supply chain integrity issues. Examine the integration of In-toto with Confidential Containers, another CNCF project leveraging hardware TEE for containerized workloads, to provide trusted metadata for system software within TEEs. Gain insights into In-toto's applicability and its potential to resolve challenges in software supply chain security, using Confidential Containers as a practical use case.
In-Toto: Protecting Software Supply Chain in Cloud Native and Confidential Containers
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
In-Toto: Protecting Software Supply Chain in Cloud Native and Application in Confid... Justin Cappos
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain
-
In-Toto: Attestations and Software Supply Chain Security
-
Enforceable Software Supply Chain Policies and Attestations Using in-Toto
-
In-toto - Securing the Entire Software Supply Chain
-
Securing Software Supply Chains with In-Toto
-
Cloud Native - Protecting Software Supply Chains Using Kyverno
