
Software Signing for Kubernetes Supply Chain & Everybody Else
Cloud Security Podcast
SLSA uses a project called in-toto and it has attestation. And that has lots of cryptographic guarantees building there, like a digest of the particular artifact. So what we can do with SBOM is start to record all of the steps and the individuals in the machines can start to cryptographically sign off to the next person or machine. The trust system on cryptography and Sigstore's able to really nicely interact with these components and look after the sign inside. You can kind of start to automate things using Sigstore tooling.


