
Commit Virtual 2021: Securing the Software Supply Chain with SBOM and Attestation

Speakers: Cole Kennedy, Nicole Schwartz

A software supply chain is the set of steps required to test, build, deploy, and assure a software release. Verification of the build policy through a cryptographically attestable process is required to give software artifact consumers the confidence to install software releases on mission-critical systems. The ability to provide verifiable Software Bills of Materials (SBOMs) has become more critical due to the recent executive order. In this talk, we will discuss the current gaps in the open-source ecosystems and demonstrate a proof-of-concept cryptographically attestable software pipeline with automated certificate issuance, utilizing the in-toto and SPIRE projects for GitLab pipelines.
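To make the "attestable pipeline" idea concrete, here is an added example (not code from the talk, from in-toto, or from SPIRE) showing the core check in-toto performs: each pipeline step records hashes of what it consumed (materials) and what it produced (products), and a verifier confirms that each step's materials are exactly the previous step's products and that the artifact handed to the consumer matches the final step's products. The step names, file names and byte strings are constructed for the example; real in-toto links are additionally signed by the functionary's key (the certificate SPIRE would issue in the pipeline described above), and that signature verification is deliberately left out here.

```python
"""Minimal in-toto-style chain-of-custody check (added example, not in-toto's own code)."""
import hashlib


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest used to identify an artifact by content."""
    return hashlib.sha256(data).hexdigest()


def record_link(step_name: str, materials: dict, products: dict) -> dict:
    """Build an unsigned, in-toto-like link record for one pipeline step.

    materials/products map an artifact path to its bytes; only the
    digests are kept, as a real link metadata file would do.
    """
    return {
        "_type": "link",
        "name": step_name,
        "materials": {path: sha256_hex(b) for path, b in materials.items()},
        "products": {path: sha256_hex(b) for path, b in products.items()},
    }


def verify_chain(layout: list, links: list, delivered: dict) -> list:
    """Check a chain of links against an ordered layout of step names.

    Rules applied (a simplified form of in-toto's MATCH artifact rule):
      * every step in the layout must have a link;
      * each step's materials must equal the previous step's products;
      * the artifacts delivered to the consumer must equal the last
        step's products.
    Returns a list of human-readable violations; empty means the chain verifies.
    """
    violations = []
    by_name = {link["name"]: link for link in links}
    prev = None
    for step in layout:
        link = by_name.get(step)
        if link is None:
            violations.append(f"missing link for step {step!r}")
            prev = None
            continue
        if prev is not None:
            for path, digest in link["materials"].items():
                expected = prev["products"].get(path)
                if expected is None:
                    violations.append(
                        f"{step}: material {path!r} was not produced by {prev['name']!r}")
                elif expected != digest:
                    violations.append(
                        f"{step}: material {path!r} hash differs from {prev['name']!r} product")
        prev = link
    # The artifact the consumer installs must be exactly what the final step produced.
    if prev is not None:
        for path, data in delivered.items():
            if prev["products"].get(path) != sha256_hex(data):
                violations.append(f"delivered {path!r} does not match final step products")
    return violations


# Constructed sample artifacts and a three-step layout (fetch -> build -> package).
SOURCE = b"int main(void) { return 0; }\n"
BINARY = b"\x7fELF-constructed-binary-bytes"
PACKAGE = b"constructed-tarball-containing-app"
LAYOUT = ["fetch-source", "build", "package"]


def honest_links() -> list:
    """Links as recorded by a pipeline where every step used the prior step's output."""
    return [
        record_link("fetch-source", {}, {"main.c": SOURCE}),
        record_link("build", {"main.c": SOURCE}, {"app": BINARY}),
        record_link("package", {"app": BINARY}, {"app.tar": PACKAGE}),
    ]


def tampered_links() -> list:
    """Same chain, but the build step consumed a source file the fetch step never produced."""
    links = honest_links()
    links[1] = record_link("build", {"main.c": SOURCE + b"/* unreviewed change */\n"}, {"app": BINARY})
    return links


if __name__ == "__main__":
    print("honest chain:", verify_chain(LAYOUT, honest_links(), {"app.tar": PACKAGE}) or "OK")
    print("tampered chain:", verify_chain(LAYOUT, tampered_links(), {"app.tar": PACKAGE}))
```

The point of the chain rule is that a substituted input anywhere between fetch and delivery shows up as a hash mismatch at the step that consumed it, without the verifier needing to rebuild anything; in a real deployment each link would also carry a signature checked against the layout's authorized keys, so that a forged link is rejected rather than trusted.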


Source: GitLab

