Platform Driven Compliance with Sigstore at Autodesk
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore a conference talk on how Autodesk leverages Sigstore to enhance platform-driven compliance. Discover Autodesk's journey in adapting their CI/CD tooling to meet current and future compliance needs, particularly as they expand into government sales. Learn about their container provenance tracking solution built on Cosign with InToto vulnerability scanning attestations. Witness a demonstration of Autodesk's deployment governance solution, designed to block non-compliant images from progressing through CD pipelines. Gain insights into Autodesk's future plans for implementing a machine identity solution using SPIRE for keyless signing with Cosign, Fulcio, and Rekor. Understand how these innovations help Autodesk maintain trust in their software across both desktop and cloud-based solutions.
Syllabus
Platform Driven Compliance with Sigstore at Autodesk - Jesse Sanford, Autodesk
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Securing Your Software Supply Chain with SigstoreLinux Foundation via edX Hands-on Introduction to Sigstore - Securing the Software Supply Chain
Rawkode Academy via YouTube Protecting the World's Greatest Open Source Ecosystem with Sigstore
Devoxx via YouTube PGP vs Sigstore - The Match at Maven Central
Devoxx via YouTube Securing Your Infrastructure as Code Pipeline
Linux Foundation via YouTube