In-Toto: Attestations and Software Supply Chain Security
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the latest developments in software supply chain security through this 35-minute conference talk on in-toto, a framework designed to secure software supply chains. Delve into the introduction of the in-toto Attestation framework and its integration with systems like Jenkins, Tekton Chains, Sigstore, and rebuilderd. Learn how in-toto layouts can be used to verify attestations and understand efforts to collate attestation types. Gain insights into recent updates to in-toto implementations, usability enhancements, and integrations with CNCF projects such as Keylime and SPIFFE/SPIRE. Discover how in-toto aligns with SLSA recommendations and its role in GUAC's visualization and processing of metadata.
Syllabus
In-Toto: Attestations and More for Software Supply Chain Security - Aditya Sirish A Yelgundhalli
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Securing Your Infrastructure as Code PipelineLinux Foundation via YouTube Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain
Linux Foundation via YouTube Software Supply Chain Security Case Study at Anaconda
Linux Foundation via YouTube Container Security: Supply Chain, Authorization, and Runtime Protection
Docker via YouTube Verifying Software Signatures with TUF and Sigstore
CNCF [Cloud Native Computing Foundation] via YouTube