YoVDO

In-Toto: Attestations and Software Supply Chain Security

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Software Supply Chain Security Courses Jenkins Courses Sigstore Courses in-toto Courses SLSA Courses GUAC Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the latest developments in software supply chain security through this 35-minute conference talk on in-toto, a framework designed to secure software supply chains. Delve into the introduction of the in-toto Attestation framework and its integration with systems like Jenkins, Tekton Chains, Sigstore, and rebuilderd. Learn how in-toto layouts can be used to verify attestations and understand efforts to collate attestation types. Gain insights into recent updates to in-toto implementations, usability enhancements, and integrations with CNCF projects such as Keylime and SPIFFE/SPIRE. Discover how in-toto aligns with SLSA recommendations and its role in GUAC's visualization and processing of metadata.

Syllabus

In-Toto: Attestations and More for Software Supply Chain Security - Aditya Sirish A Yelgundhalli


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Ketchup, Mustard, and Relish of Software Supply Chain Security - Panel Discussion
Linux Foundation via YouTube SLSA in Action: Securing the Software Supply Chain
Linux Foundation via YouTube Securing Your Supply Chain by Building with FRSCA
Linux Foundation via YouTube Open Tools for Secure Supply Chains in Kubernetes - From Release Engineering
Linux Foundation via YouTube Google SLSA and NIST SSDF - Emerging Software Supply Chain Security Best Practices
Linux Foundation via YouTube