Where Does Your Software Really Come From - Artifact Attestations and Open Source Verification
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the critical issue of software component origins in this 36-minute conference talk by Trevor Rosen from GitHub. Delve into the challenges of identifying the true sources and build processes of open source library dependencies. Learn about GitHub's collaborative efforts with the open source community to address this problem through the development of Artifact Attestations. Discover how this new capability, now in public beta for all GitHub repositories, creates an unforgeable paper trail for open source software, verifiable using the gh CLI tool. Gain insights into GitHub's role in establishing a new signing authority for the open source world and its potential impact on fostering a culture of transparency in software provenance.
Syllabus
Where Does Your Software (Really) Come from? - Trevor Rosen, GitHub
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld SystemsVanderbilt University via Coursera Engineering Maintainable Android Apps
Vanderbilt University via Coursera Software Design as an Element of the Software Development Lifecycle
University of Colorado System via Coursera Secure Software Development
Pluralsight Secure Software Concepts for CSSLPĀ®
Pluralsight