Explore the intricacies of deploying and managing a production TUF (The Update Framework) repository in this informative conference talk. Delve into crucial aspects such as root security management, resilience strategies, automation possibilities, and infrastructure requirements. Gain insights from real-world implementations, including GitHub's use of tuf-on-ci for secure artifact updates and the application of Repository Services for TUF (RSTUF) in securing content distribution between public and private repositories. Learn how these approaches enable repository maintainers to ensure robust security while streamlining operations. Discover practical solutions for implementing TUF in various scenarios, from open-source projects to corporate environments using platforms like JFrog Artifactory.
Overview
Syllabus
Operating a Production TUF Repository - Kairo De Araujo, TestifySec & Fredrik Skogman, Github
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Manage source control
-
Maintaining The Update Framework (TUF) - Insights and Contributions
-
PEP 458 - A Solution Not Only for PyPI
-
The Update Framework (TUF) Maintainer Panel: Integrations, Enhancements, and Supply Chain Security
-
Secure Transport for Your Software Supply Chain with TUF
-
Securing Content Repositories with The Update Framework (TUF)
