Where Does Your Software Really Come From - Artifact Attestations and Open Source Verification
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the critical issue of software component origins in this 36-minute conference talk by Trevor Rosen from GitHub. Delve into the challenges of identifying the true sources and build processes of open source library dependencies. Learn about GitHub's collaborative efforts with the open source community to address this problem through the development of Artifact Attestations. Discover how this new capability, now in public beta for all GitHub repositories, creates an unforgeable paper trail for open source software, verifiable using the gh CLI tool. Gain insights into GitHub's role in establishing a new signing authority for the open source world and its potential impact on fostering a culture of transparency in software provenance.
Syllabus
Where Does Your Software (Really) Come from? - Trevor Rosen, GitHub
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Introduction to Agile Software Development: Tools & TechniquesUniversity of California, Berkeley via edX Advanced Topics and Techniques in Agile Software Development
University of California, Berkeley via edX The Data Scientist’s Toolbox
Johns Hopkins University via Coursera How to Use Git and GitHub
Udacity Desarrollo de Videojuegos 3D en Unity: Una Introducción
Universidad de los Andes via Coursera