Explore a comprehensive conference talk on securing software supply chains using in-toto and The Update Framework (TUF). Learn about the alarming increase in software supply chain attacks and discover how these CNCF projects work together to counter threats. Understand the fundamentals of in-toto for creating verifiable attestations about supply chain steps and artifacts, and how TUF secures software repositories against various attacks. Examine a real-world case study demonstrating the combined use of in-toto and TUF, and get introduced to new open-source tools that simplify their joint deployment. Gain valuable insights into protecting your software distribution process and ensuring end-to-end supply chain integrity.
Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain
Overview
Syllabus
Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain - Marina Moore & Aditya Yelgundhalli
Taught by
Linux Foundation
Tags
Related Courses
-
Secure Transport for Your Software Supply Chain with TUF
-
Navigating the Software Supply Chain Defense Landscape
-
In-Toto: Attestations and Software Supply Chain Security
-
Enforceable Software Supply Chain Policies and Attestations Using in-Toto
-
In-Toto: Protecting Software Supply Chain in Cloud Native and Confidential Containers
-
Achieving End-to-End Software Supply Chain Security with in-toto
