In-Toto: Attestations and Software Supply Chain Security
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the latest developments in software supply chain security through this 35-minute conference talk on in-toto, a framework designed to secure software supply chains. Delve into the introduction of the in-toto Attestation framework and its integration with systems like Jenkins, Tekton Chains, Sigstore, and rebuilderd. Learn how in-toto layouts can be used to verify attestations and understand efforts to collate attestation types. Gain insights into recent updates to in-toto implementations, usability enhancements, and integrations with CNCF projects such as Keylime and SPIFFE/SPIRE. Discover how in-toto aligns with SLSA recommendations and its role in GUAC's visualization and processing of metadata.
Syllabus
In-Toto: Attestations and More for Software Supply Chain Security - Aditya Sirish A Yelgundhalli
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Securing Your Software Supply Chain with SigstoreLinux Foundation via edX A Beginner's View of Public Instances
OpenSSF via YouTube Achieving End-to-End Software Supply Chain Security with in-toto
CNCF [Cloud Native Computing Foundation] via YouTube An Introduction to Sigstore for Pythonistas
DevConf via YouTube Bringing Provenance to Open Source - Lessons from Npm's Sigstore Integration
Linux Foundation via YouTube