CNCF [Cloud Native Computing Foundation]

Sign, Attest, and Verify - A Practical Guide for Software Supply Chain Security

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore a practical guide for software supply chain security in this 31-minute conference talk by Anushka Mittal and Vishal Choudhary from Nirmata. Delve into the importance of signing, attesting, and verifying artifacts in the wake of prominent attacks like SolarWinds and Log4J. Learn how the OSS community is addressing concerns related to image integrity, security, and compliance at scale. Discover the role of the OCI v1.1 Spec's referrers API in associating software supply chain artifacts with container images. Examine the Notary Project's cross-industry standards for securing software supply chains through signing, verification, signature portability, and key/certificate management. Understand how CNCF policy engines like Kyverno can leverage supply chain artifact data to apply security checks during Kubernetes cluster admission control. Gain insights into how CNCF projects such as Kyverno and Notary enhance software supply chain security, enforce image trust, and prevent untrusted image deployment, ensuring integrity, security, and compliance at scale.

Syllabus

Sign, Attest, and Verify! A Practical Guide for Software Supply...-Anushka Mittal & Vishal Choudhary

Taught by

CNCF [Cloud Native Computing Foundation]
