A Step Closer to Secure Development: Using in-Toto and OPA Gatekeeper to Verify Artifact Integrity
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore secure software development practices in this 45-minute conference talk from the Linux Foundation. Learn how to verify artifact integrity throughout the software supply chain using in-toto and OPA Gatekeeper. Discover the benefits of automating development processes from 'git commit' to 'kubectl apply' while addressing security concerns. Examine the risks associated with various automation implementations and understand the importance of maintaining consistency and security. Gain insights into in-toto's pioneering frameworks and tools, including subprojects Witness and Archivista, designed to secure software development, building, testing, and packaging. Follow an end-to-end demonstration of securely developing container images for Kubernetes using these tools in conjunction with Open Policy Agent's admission controller, Gatekeeper.
Syllabus
A Step Closer to in-Toto’lly Secure: Using in-Toto and OPA Gatekeeper...- Tom Meadows & John Kjell
Taught by
Linux Foundation
Tags
Related Courses
A Confidential Story of Well-Kept Secrets - Secure Secret Management in KubernetesCNCF [Cloud Native Computing Foundation] via YouTube Designing and Securing Multi-Tenant Runtime Environment at The New York Times
Linux Foundation via YouTube DevOps All the Things - Creating a Pipeline to Validate Your OPA Policies
CNCF [Cloud Native Computing Foundation] via YouTube Enforceable Supply Chain Security Policy with OPA Gatekeeper and Ratify
CNCF [Cloud Native Computing Foundation] via YouTube Enforceable Supply Chain Security Policy with OPA Gatekeeper and Ratify
Linux Foundation via YouTube