Secure Release Processes with in-Toto Policy Verification
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Learn how to enforce secure software release processes through in-toto policy verification in this 33-minute conference talk from CNCF. Discover how attestations created for each development step provide verifiable evidence of compliance, and explore recent community enhancements to in-toto layouts for policy enforcement. Master the creation of flexible policies for various software development lifecycle processes, from initial code commits to production releases. Examine practical approaches to verifying attestations across multiple areas including code reviews, SBOM integrity, testing procedures, vulnerability scanning, and build provenance using SLSA standards. Gain valuable insights into implementing compliant and secure software development processes that meet organizational requirements.
Syllabus
Secure Release Processes with in-Toto Policy Verification (John Kjell & Aditya Sirish A Yelgundhalli)
Taught by
CNCF [Cloud Native Computing Foundation]