Explore a comprehensive conference talk on securing software supply chains using in-toto and The Update Framework (TUF). Learn about the alarming increase in software supply chain attacks and discover how these CNCF projects work together to counter threats. Understand the fundamentals of in-toto for creating verifiable attestations about supply chain steps and artifacts, and how TUF secures software repositories against various attacks. Examine a real-world case study demonstrating the combined use of in-toto and TUF, and get introduced to new open-source tools that simplify their joint deployment. Gain valuable insights into protecting your software distribution process and ensuring end-to-end supply chain integrity.
Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain
Overview
Syllabus
Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain - Marina Moore & Aditya Yelgundhalli
Taught by
Linux Foundation
Tags
Related Courses
-
Secure Transport for Your Software Supply Chain with TUF
-
Enforceable Software Supply Chain Policies and Attestations Using in-Toto
-
Navigating the Software Supply Chain Defense Landscape
-
In-Toto: Attestations and Software Supply Chain Security
-
In-Toto: Protecting Software Supply Chain in Cloud Native and Confidential Containers
-
Securing Software Supply Chains with In-Toto
