In-Toto: Protecting Software Supply Chain in Cloud Native and Confidential Containers
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the CNCF incubator project In-toto and its application in protecting software supply chains for cloud-native environments and confidential containers. Learn how In-toto ensures software integrity from initiation to end-user installation by providing transparency on executed steps, actors involved, and execution order. Discover how In-toto allows users to verify the legitimacy of supply chain steps and actors, addressing various software supply chain integrity issues. Examine the integration of In-toto with Confidential Containers, another CNCF project leveraging hardware TEE for containerized workloads, to provide trusted metadata for system software within TEEs. Gain insights into In-toto's applicability and its potential to resolve challenges in software supply chain security, using Confidential Containers as a practical use case.
Syllabus
In-Toto: Protecting Software Supply Chain in Cloud Native and Application in Confid... Justin Cappos
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Securing Your Infrastructure as Code PipelineLinux Foundation via YouTube Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain
Linux Foundation via YouTube Software Supply Chain Security Case Study at Anaconda
Linux Foundation via YouTube Container Security: Supply Chain, Authorization, and Runtime Protection
Docker via YouTube In-Toto: Attestations and Software Supply Chain Security
CNCF [Cloud Native Computing Foundation] via YouTube