[$] Securing Git repositories with gittuf
Date:
Wed, 08 May 2024 16:11:47 +0000
Description:
The so-called software supply chain starts with source code. But most
security measures and tooling
don't kick in until source is turned into an artifacta source
tarball, binary build, container image, or other method of delivering a
release to users. The gittuf project
is an attempt to provide a security layer for Git that can handle key management,
enforce security policies for repositories, and guard against attacks
at the version-control layer. At Open Source Summit North America (OSSNA), Aditya Sirish A
Yelgundhalli and Billy Lynch presented an introduction to gittuf with an overview of its goals and
status.
======================================================================
Link to news story:
https://lwn.net/Articles/972467/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)