GUAC Verification for Software Supply Chain Security
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the critical role of up-to-date information in software supply chain security through this conference talk. Delve into the implementation of Executive Order 14028, examining the vast metadata from SBOMs, SLSA attestations, vulnerability information, and in-toto ITE-6 attestations. Learn about projects like GUAC and Trustification for effective data collection and analysis. Discover how to integrate OPA with GUAC to create policies that determine whether artifacts are allowed to run in specific environments based on security assessments. Gain insights into enhancing decision-making processes for software deployment and security compliance in cloud native computing.
Syllabus
You Shall Not Pass! Unless You Are GUAC Verified - Parth Patel, Kusari & Dejan Bosanac, Red Hat
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
In-Toto: Attestations and Software Supply Chain SecurityCNCF [Cloud Native Computing Foundation] via YouTube Spicing up Container Image Security with SLSA and GUAC
CNCF [Cloud Native Computing Foundation] via YouTube Cloud Native Security Landscape - Myths, Dragons, and Real Talk
CNCF [Cloud Native Computing Foundation] via YouTube Enforcing Supply Chain Security and Simplifying Compliance Audit for ArgoCD Deployments
CNCF [Cloud Native Computing Foundation] via YouTube Software Supply Chain Security for Those in a Rush
Devoxx via YouTube