YoVDO

GUAC Verification for Software Supply Chain Security

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Software Supply Chain Security Courses, Vulnerability Management Courses, Cloud Native Computing Courses, Open Policy Agent Courses, in-toto Courses, SLSA Courses, GUAC Courses

Course Description

Overview

Explore the critical role of up-to-date information in software supply chain security through this conference talk. Delve into the implementation of Executive Order 14028, examining the vast metadata from SBOMs, SLSA attestations, vulnerability information, and in-toto ITE-6 attestations. Learn about projects like GUAC and Trustification for effective data collection and analysis. Discover how to integrate OPA with GUAC to create policies that determine whether artifacts are allowed to run in specific environments based on security assessments. Gain insights into enhancing decision-making processes for software deployment and security compliance in cloud native computing.

Syllabus

You Shall Not Pass! Unless You Are GUAC Verified - Parth Patel, Kusari & Dejan Bosanac, Red Hat


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

A Step Closer to Secure Development: Using in-Toto and OPA Gatekeeper to Verify Artifact Integrity
Linux Foundation via YouTube
Achieving End-to-End Software Supply Chain Security with in-toto
CNCF [Cloud Native Computing Foundation] via YouTube
Cloud Native Supply Chain Security with Tekton and Sigstore
CNCF [Cloud Native Computing Foundation] via YouTube
Demystify Modern Signing: Keys, Certificates, and Envelopes
CNCF [Cloud Native Computing Foundation] via YouTube
Enforceable Software Supply Chain Policies and Attestations Using in-Toto
CNCF [Cloud Native Computing Foundation] via YouTube