Explore the intricacies of deploying and managing a production TUF (The Update Framework) repository in this informative conference talk. Delve into crucial aspects such as root security management, resilience strategies, automation possibilities, and infrastructure requirements. Gain insights from real-world implementations, including GitHub's use of tuf-on-ci for secure artifact updates and the application of Repository Services for TUF (RSTUF) in securing content distribution between public and private repositories. Learn how these approaches enable repository maintainers to ensure robust security while streamlining operations. Discover practical solutions for implementing TUF in various scenarios, from open-source projects to corporate environments using platforms like JFrog Artifactory.
Overview
Syllabus
Operating a Production TUF Repository - Kairo De Araujo, TestifySec & Fredrik Skogman, Github
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
TUF Joins PyPI - Securing Package Delivery with The Update Framework
-
Manage source control
-
Securing Content Distribution with RSTUF, an Incubating OpenSSF Project
-
Maintaining The Update Framework (TUF) - Insights and Contributions
-
PEP 458 - A Solution Not Only for PyPI
-
Secure Transport for Your Software Supply Chain with TUF
