Presentations for security

Sort by:

Authenticating Supply-chain Metadata: Building Remote Code Attestations on GitHub

Conference: SupplyChainSecurityCon 2022

Authors: Laurent Simon, Asra Ali

2022-06-21

tldr - powered by Generative AI

The presentation discusses the importance of artifact attestation or salsa provenance in ensuring the authenticity of build artifacts and creating strong links between artifacts and their source repositories. It also highlights the various use cases of artifact attestation in the supply chain.

Artifact attestation creates a strong link between build artifacts and their source repositories, ensuring authenticity and enabling the creation of policies.
Artifact attestation can be used to enforce policies at different stages of the supply chain, including control plane, build time, and installation time.
GitHub's dependency API and S-BOM API can benefit from artifact attestation to ensure the authenticity of dependencies and S-BOMs.
Artifact attestation can be used to prove to third parties that S-BOMs are authentic and created without cheating or hiding vulnerabilities.
Artifact attestation can be used for any kind of metadata, including static analysis tool results.

Tags:

remote code attestation

GitHub

workflows

OpenID Connect

software-based attestations

Show 0 Comments

Dates

Author

Conferences

Tags

Authenticating Supply-chain Metadata: Building Remote Code Attestations on GitHub

tldr - powered by Generative AI