Loading…
In-person
1-4 April 2025
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Europe 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in British Summer Time (BST) (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
← Back to schedule
TUF-en up Your Software Supply Chain - Marina Moore, Edera & Kairo De Araujo, Independent
Thursday April 3, 2025 11:45 - 12:15 BST
Platinum Suite | Level 3 | Room 1-2
Has your software distribution gotten overwhelmed with supply chain security metadata? Do you struggle to connect your SBOMs and attestations to images? In this talk we will cover how you can securely distribute your images along with software supply chain metadata for an end-to-end secure software distribution pipeline. We will discuss secure software update and distribution using TUF, and how this ties into other CNCF projects for securing your software supply chain. We will focus on how TUF ensures that images and metadata are current and resilient to tampering, and discuss recent improvements to the project. We will then demo how TUF can be used with in-toto to securely distribute and verify software supply chain metadata and attestations.
Speakers
avatar for Marina Moore

Marina Moore

Research Scientist, Edera
Marina Moore is a Research Scientist at Edera. She is a maintainer of The Update Framework (TUF), a CNCF graduated project that provides secure software update and delivery. She is also a chair of CNCF's TAG Security where she contributes to security assessments and whitepapers, as... Read More →
avatar for Kairo De Araujo

Kairo De Araujo

Open Source Engineer, Independent
Kairo is a Senior Open Source Engineer. Kairo maintains python-tuf and is the author of Repository Service for TUF (RSTUF). His past roles include Senior Open Source Software Engineer at TestifySec, VMware, Senior Software Engineer at IBM, ING, Forescout, and a former System Engineer... Read More →
Thursday April 3, 2025 11:45 - 12:15 BST
Platinum Suite | Level 3 | Room 1-2
  Maintainer Track, The Update Framework (TUF)

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Share Modal

Share this link via

Or copy link