YoVDO

Enforceable Software Supply Chain Policies and Attestations Using in-Toto

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Software Supply Chain Security Courses
Compliance Courses
Supply Chain Attacks Courses
in-toto Courses

Course Description

Overview

Explore enforceable software supply chain policies and attestations using in-toto in this 35-minute conference talk presented by Alan Chung Ma and Santiago Torres-Arias from Purdue University. Delve into the importance of capturing metadata to demonstrate supply chain integrity in light of cybersecurity regulations and high-profile attacks like SUNBURST. Learn how CNCF projects such as in-toto and Witness generate machine-verifiable attestations, and understand the role of frameworks like SLSA in guiding attestation generation. Discover specific policies that can defend against notable supply chain attacks, and gain insights into configuring in-toto to mitigate such threats. Examine the TAG-Security catalog of supply chain attacks and their relevance to SLSA specifications and US/EU regulations. Gain valuable knowledge to enhance your organization's software supply chain security and compliance efforts.

Syllabus

Enforceable Software Supply Chain Policies and Attestations Using in-Toto


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Securing Your Infrastructure as Code Pipeline
Linux Foundation via YouTube
Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain
Linux Foundation via YouTube
Software Supply Chain Security Case Study at Anaconda
Linux Foundation via YouTube
Container Security: Supply Chain, Authorization, and Runtime Protection
Docker via YouTube
In-Toto: Attestations and Software Supply Chain Security
CNCF [Cloud Native Computing Foundation] via YouTube