YoVDO

In-Toto: Attestations and Software Supply Chain Security

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Software Supply Chain Security Courses Jenkins Courses Sigstore Courses in-toto Courses SLSA Courses GUAC Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the latest developments in software supply chain security through this 35-minute conference talk on in-toto, a framework designed to secure software supply chains. Delve into the introduction of the in-toto Attestation framework and its integration with systems like Jenkins, Tekton Chains, Sigstore, and rebuilderd. Learn how in-toto layouts can be used to verify attestations and understand efforts to collate attestation types. Gain insights into recent updates to in-toto implementations, usability enhancements, and integrations with CNCF projects such as Keylime and SPIFFE/SPIRE. Discover how in-toto aligns with SLSA recommendations and its role in GUAC's visualization and processing of metadata.

Syllabus

In-Toto: Attestations and More for Software Supply Chain Security - Aditya Sirish A Yelgundhalli


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Securing Your Infrastructure as Code Pipeline
Linux Foundation via YouTube
Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain
Linux Foundation via YouTube
Software Supply Chain Security Case Study at Anaconda
Linux Foundation via YouTube
Container Security: Supply Chain, Authorization, and Runtime Protection
Docker via YouTube
Verifying Software Signatures with TUF and Sigstore
CNCF [Cloud Native Computing Foundation] via YouTube