YoVDO

Securing Your Infrastructure as Code Pipeline

Offered By: Linux Foundation via YouTube

Tags

Infrastructure as Code Courses Compliance Courses Static Analysis Courses RBAC Courses Platform Engineering Courses Sigstore Courses Open Policy Agent Courses Crossplane Courses in-toto Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the security and compliance benefits of implementing a uniform platform interface for Infrastructure as Code (IaC) solutions in this 33-minute conference talk by Jesse Sanford from Autodesk. Learn how to achieve a strong separation of concerns between platform engineers and product teams, enabling the integration of common fundamentals and non-negotiables. Discover how to enforce guard rails using static analysis tools and RBAC to create walled garden ecosystems of trusted IaC. Gain insights into Autodesk's cloud deployment platform capabilities, including the use of Open Policy Agent, in-toto, Sigstore's suite, Crossplane, and other tools. Understand how to structure CI and CD systems for inspectable, verifiable, and trustable IaC pipelines. Delve into topics such as cryptographically verifiable IaC package signing, static analysis of IaC plans, and deploy-time policy enforcement. Acquire knowledge of open-source tools and patterns that can enhance both velocity and safety in platform engineering.

Syllabus

Securing Your Infrastructure as Code Pipeline - Jesse Sanford, Autodesk


Taught by

Linux Foundation

Tags

Related Courses

Toto-Ally TUF: Simple Tools for a Secure Software Supply Chain
Linux Foundation via YouTube
Software Supply Chain Security Case Study at Anaconda
Linux Foundation via YouTube
Container Security: Supply Chain, Authorization, and Runtime Protection
Docker via YouTube
In-Toto: Attestations and Software Supply Chain Security
CNCF [Cloud Native Computing Foundation] via YouTube
Verifying Software Signatures with TUF and Sigstore
CNCF [Cloud Native Computing Foundation] via YouTube