In-toto - Securing the Entire Software Supply Chain

Explore the critical importance of software supply chain security in this 19-minute conference talk by Santiago Torres from NYU. Dive into the basics of securing the software development, distribution, and deployment pipeline as attackers increasingly target these processes. Learn about in-toto, a CNCF member project that provides tooling and protocols to verifiably define and secure all steps of the supply chain. Discover how in-toto allows you to specify authorized personnel and ensure that every action aligns with your intentions, offering enhanced security guarantees to you and your customers. Gain insights into how this versatile tool can be applied to strengthen security measures both within and beyond the cloud native ecosystem.

in-toto: Securing the Entire Software Supply Chain - Santiago Torres, NYU