Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

CNCF [Cloud Native Computing Foundation]

Where Does Your Software Really Come From - Artifact Attestations and Open Source Verification

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore the critical issue of software component origins in this 36-minute conference talk by Trevor Rosen from GitHub. Delve into the challenges of identifying the true sources and build processes of open source library dependencies. Learn about GitHub's collaborative efforts with the open source community to address this problem through the development of Artifact Attestations. Discover how this new capability, now in public beta for all GitHub repositories, creates an unforgeable paper trail for open source software, verifiable using the gh CLI tool. Gain insights into GitHub's role in establishing a new signing authority for the open source world and its potential impact on fostering a culture of transparency in software provenance.

Syllabus

Where Does Your Software (Really) Come from? - Trevor Rosen, GitHub

Taught by

CNCF [Cloud Native Computing Foundation]

Reviews

Start your review of Where Does Your Software Really Come From - Artifact Attestations and Open Source Verification

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.