Learn how to enforce secure software release processes through in-toto policy verification in this 33-minute conference talk from CNCF. Discover how attestations created for each development step provide verifiable evidence of compliance, and explore recent community enhancements to in-toto layouts for policy enforcement. Master the creation of flexible policies for various software development lifecycle processes, from initial code commits to production releases. Examine practical approaches to verifying attestations across multiple areas including code reviews, SBOM integrity, testing procedures, vulnerability scanning, and build provenance using SLSA standards. Gain valuable insights into implementing compliant and secure software development processes that meet organizational requirements.
Secure Release Processes with in-Toto Policy Verification
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Secure Release Processes with in-Toto Policy Verificati... John Kjell & Aditya Sirish A Yelgundhalli
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
In-Toto: Attestations and Software Supply Chain Security
-
Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain
-
Achieving End-to-End Software Supply Chain Security with in-toto
-
A Step Closer to Secure Development: Using in-Toto and OPA Gatekeeper to Verify Artifact Integrity
-
Enforceable Software Supply Chain Policies and Attestations Using in-Toto
-
Enforceable Supply Chain Security Policy with OPA Gatekeeper and Ratify
