Platform Driven Compliance with Sigstore at Autodesk

Explore a conference talk on how Autodesk leverages Sigstore to enhance platform-driven compliance. Discover Autodesk's journey in adapting their CI/CD tooling to meet current and future compliance needs, particularly as they expand into government sales. Learn about their container provenance tracking solution built on Cosign with InToto vulnerability scanning attestations. Witness a demonstration of Autodesk's deployment governance solution, designed to block non-compliant images from progressing through CD pipelines. Gain insights into Autodesk's future plans for implementing a machine identity solution using SPIRE for keyless signing with Cosign, Fulcio, and Rekor. Understand how these innovations help Autodesk maintain trust in their software across both desktop and cloud-based solutions.