In-Toto: Protecting Software Supply Chain in Cloud Native and Confidential Containers

Explore the CNCF incubator project In-toto and its application in protecting software supply chains for cloud-native environments and confidential containers. Learn how In-toto ensures software integrity from initiation to end-user installation by providing transparency on executed steps, actors involved, and execution order. Discover how In-toto allows users to verify the legitimacy of supply chain steps and actors, addressing various software supply chain integrity issues. Examine the integration of In-toto with Confidential Containers, another CNCF project leveraging hardware TEE for containerized workloads, to provide trusted metadata for system software within TEEs. Gain insights into In-toto's applicability and its potential to resolve challenges in software supply chain security, using Confidential Containers as a practical use case.

In-Toto: Protecting Software Supply Chain in Cloud Native and Application in Confid... Justin Cappos