About the talk
Speakers: Cole Kennedy, Nicole Schwartz
A software supply chain is the set of steps required to test, build, deploy, and assure a software release. Verification of the build policy through a cryptographically attestable process is required to give software artifact consumers the confidence to install software releases on mission-critical systems. The ability to provide verifiable Software Bills of Materials (SBoMs) has become more critical due to the recent executive order. In this talk, we will discuss the current gaps in the open-source ecosystems and demonstrate a proof-of-concept cryptographically attestable software pipeline with automated certificate issuance, utilizing the in-toto and SPIRE projects for GitLab pipelines.
I work best as a senior individual contributor working across multiple development teams focused on information security at an emerging growth company offering IT-based technology or productivity services. I am currently a Senior Product Manager for the GitLab Secure, Composition Analysis group, as well as the deputy Chief Operating Officer and Board member for The Diana Initiative and one of the organizers of SkyTalks at DEF CON. I enjoy speaking and educating people on DevSecOps, Agile, Diversity & Inclusion, and Women in Technology.