Securing the Supply Chain with Witness - Cole Kennedy, TestifySec


Witness is a new open-source modular framework for supply chain security. Witness works by making collections of attestations that are bound to the CI process. These attestation collections give administrators trusted sectors on which to enforce policy no matter where the policy enforcement point is. Witness is an implementation of in-toto and is integrated with cloud-native security tools such as Rekor, SPIRE, Cosign and Kubernetes. In this talk we will describe the Witness trust model and offer a demonstration of its implementation in a CI pipeline.