Explore the state-of-the-art supply chain security in this 32-minute conference talk from CNCF's KubeCon + CloudNativeCon Europe 2022. Delve into the complementary roles of TUF, in-toto, and SigStore in creating a transparent, hack-proof software supply chain that prevents man-in-the-middle attacks between developers and end-users. Learn about Datadog's pioneering implementation of in-toto and TUF for secure updates, and discover how SigStore's transparent and auditable model enhances publisher accountability. Witness a real-world demonstration of the entire security stack in action through Datadog's integration, and gain insights on easy adoption strategies. The presentation covers key topics including the problem at hand, Six Store, software supply chain intricacies, a practical demo, and a comprehensive security analysis.
State of the Art Supply Chain Security - In-toto, TUF, and SigStore
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Intro
The Problem
Six Store
Software Supply Chain
Demo
Security Analysis
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Developer Security Champion: Supply Chain Security
-
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
-
Securing Your Software Supply Chain with Sigstore
-
Secure Software Supply Chain for CSSLP®
-
Achieving End-to-End Software Supply Chain Security with in-toto
-
Cloud Native Supply Chain Security with Tekton and Sigstore
