June 26-27, 2024 | Seattle, WA

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for CloudNativeSecurityCon North America 2024 to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

The schedule is subject to change.
Thursday, June 27 • 1:55pm - 2:30pm
Where Does Your Software (Really) Come from? - Trevor Rosen, GitHub

For decades, we’ve been building things with open source library dependencies, but most of the time, **we’re not 100% certain where those components actually originate** or how they were built.  Over the past two years, GitHub has been working hand-in-hand with the open source community to attack this problem. In this talk, we’ll take you inside the effort to build a brand-new capability that is now in public beta for all repos on GitHub: Artifact Attestations. Thanks to hard work from Hubbers and contributors to projects like Sigstore, SLSA, and in-toto, creators of open source software can create an unforgeable paper trail for anything they build on GitHub, verifiable anywhere via the gh CLI tool. Learn all about the work that GitHub has done to create a new signing authority for the OSS world and the impact that we intend to have in bringing about a much-needed cultural shift towards always knowing where your software comes from.

Trevor Rosen

Engineering Director, GitHub
Trevor Rosen is the founder of the Package Security team at GitHub, focused on improving supply chain integrity. He has extensive experience in practical information security with a particular focus on CI/CD systems. A veteran of the SolarWinds attack and subsequent response, Trevor...

Thursday June 27, 2024 1:55pm - 2:30pm PDT