Securing the Software Supply Chain with the in-toto and SPIRE projects - Cole Kennedy & Mikhail Swift BoxBoat Technologies

less than 1 minute read

Abstract

A software supply chain is the set of steps required to test, build, deploy, and assure a software release. Verification of the build policy through a cryptographically attestable process is required to give software artifact consumers the confidence to install software releases on mission-critical systems. In this talk, we will discuss the current gaps in the open-source eco-systems and demonstrate a cryptographically attestable software pipeline with automated certificate issuance.

Sched URL

Video

Share on

Twitter Facebook LinkedIn

About

Conferences

Securing the Software Supply Chain with the in-toto and SPIRE projects - Cole Kennedy & Mikhail Swift BoxBoat Technologies

Abstract

Video

Share on

You May Also Enjoy

Why Perfect Compliance Is the Enemy of Good Kubernetes Security - Michele Chubirka, Google

The Policy Engines Showdown - Gabriel L. Manor, Permit.io; Andres Aguiar, Okta; Omri Gazitt, Aserto; Pauline Jamin, Agicap; Tyler Schade, Geico; Joy Scharmen, StrongDM

Seccomp and eBPF; What’s the Difference? Why Do I Need to Know? - Natalia Reka Ivanko & Duffie Cooley, Isovalent @ Cisco

SPIFFE the Easy Way: Universal X509 and JWT Identities Using cert-manager - Tim Ramlot & Ashley Davis, Venafi