Explore the critical importance of software supply chain security in this 19-minute conference talk by Santiago Torres from NYU. Dive into the basics of securing the software development, distribution, and deployment pipeline as attackers increasingly target these processes. Learn about in-toto, a CNCF member project that provides tooling and protocols to verifiably define and secure all steps of the supply chain. Discover how in-toto allows you to specify authorized personnel and ensure that every action aligns with your intentions, offering enhanced security guarantees to you and your customers. Gain insights into how this versatile tool can be applied to strengthen security measures both within and beyond the cloud native ecosystem.
In-toto - Securing the Entire Software Supply Chain
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
in-toto: Securing the Entire Software Supply Chain - Santiago Torres, NYU
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Secure Software Supply Chain for CSSLP®
-
Achieving End-to-End Software Supply Chain Security with in-toto
-
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
-
Enforceable Software Supply Chain Policies and Attestations Using in-Toto
-
In-Toto: Attestations and Software Supply Chain Security
-
In-Toto: Protecting Software Supply Chain in Cloud Native and Confidential Containers
