If your company creates software that manages Software Bill of Materials data - SBOMs - then you want to take part in the standardisation of an ECMA standard API for exchanging software transparency artefacts. Join us on November 25th!
http://teaintro.eventbrite.com #SPDX #SBOM #INTOTO #CYCLONEDX #OWASP
Introducing the OWASP Transparency Exchange API (TEA)
The industry needs an automated exchange of software transparency artefacts - SBOM, HBOM, VEX and much more. Join us to learn more!
Eventbrite
OpenSSF unveils SBOMit - a tool designed to bolster Software Bills of Materials (#SBOMs) with #InToto #attestations.
This development increases transparency & security in the software development process.
To learn more, read #InfoQ: https://bit.ly/48Q2zf1
#DevOps #DevSecOps #Security

OpenSSF Adds Attestations to SBOMs to Validate How Software is Built
The Open Source Security Foundation (OpenSSF) has recently announced SBOMit, a tool designed to bolster Software Bills of Materials (SBOMs) with in-toto attestations. This development, announced under the OpenSSF Security Tooling Working Group, increases transparency and security in the software development process.
InfoQ
🚨HOT OFF THE PRESS: A new episode of my newsletter has just been published on Substack!
⛓in-toto and SLSA•🐙Wolfi OS Package Updates•🐳Docker Builds and Multi-platform• ❌🔑Keyless Signing for GitLab•💃SLSA v1.0 Release•🚨CNCF SLSA Assessments!
#slsa #intoto #cncf #docker #dockerbuild #dockermultiplatform #slsa10
https://open.substack.com/pub/developerguy/p/in-toto-and-slsawolfi-os-package?r=1cevp0&utm_campaign=post&utm_medium=email

⛓ in-toto and SLSA•🐙Wolfi OS Package Updates•🐳 Docker Builds and Multi-platform• ❌🔑 Keyless Signing for GitLab•💃SLSA v1.0 Release•🚨CNCF SLSA Assessments
⛓ A new blog post was published about in-toto and SLSA to give a better understanding of how these two are related to each other! If you are interested in learning more about software supply chain security, most probably most of you have come across the terms in-toto attestations and SLSA provenance. But have you ever asked yourself how these two are related to each other? Let’s find out! Thanks to
developer-guy’s Substack
Very proud to get the opportunity to share how Autodesk is securing our future infrastructure as code pipelines using @Chainguard #sigstore, @Upbound #crossplane, #spiffe / #spire, #intoto and @TestifySec #witness at this year's #OSSummit in Vancouver May 10th-12th!
https://sched.co/1K58k
Open Source Summit North America 2023: Securing Your Infrastructure as Code Pip...
Excellent blog post by @colek42c published on @testifysec website about comparing #intoto and @projectsigstore; you will find very niche details about them; don't forget to read it 👇
https://www.testifysec.com/blog/sigstore-vs-in-toto/
Comparing in-toto and Sigstore: Two Approaches to Software Supply Chain Security
As software becomes increasingly essential in our lives and businesses, ensuring its security and integrity is crucial.