Fresh SLSA and GUAC - Understanding Open Source Package Risks and Transparency
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore the complexities of open source software supply chain security in this 40-minute conference talk by Michael Lieberman from Kusari and Melissa McKay from JFrog. Delve into the challenges of managing and securing the vast ecosystem of open source repositories and packages. Learn to assess the safety of packages and their dependencies, and understand the risks associated with increasing transitive dependency complexity. Discover how to leverage open source tools, services, specifications, and best practices such as GUAC, SLSA, OSV, SBOMs, S2C2F, deps.dev, and scorecard to track, understand, and make informed decisions about the software you use and depend on. Gain insights into de-risking your use of open source packages and improving transparency in your software supply chain.
Syllabus
Fresh SLSA and GUAC Starts with Knowing Your Ingredients - Michael Lieberman & Melissa McKay
Taught by
Linux Foundation
Tags
Related Courses
In-Toto: Attestations and Software Supply Chain SecurityCNCF [Cloud Native Computing Foundation] via YouTube Spicing up Container Image Security with SLSA and GUAC
CNCF [Cloud Native Computing Foundation] via YouTube Cloud Native Security Landscape - Myths, Dragons, and Real Talk
CNCF [Cloud Native Computing Foundation] via YouTube Enforcing Supply Chain Security and Simplifying Compliance Audit for ArgoCD Deployments
CNCF [Cloud Native Computing Foundation] via YouTube Software Supply Chain Security for Those in a Rush
Devoxx via YouTube