Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Learn about AMPEL, an open source policy engine designed to address supply chain security challenges in software development. Discover how this multi-purpose tool serves as the missing piece in the supply chain ecosystem by natively understanding in-toto attestations, verifying keyless Sigstore signatures, and comprehending any attestation predicate type. Explore AMPEL's embeddable capabilities that enable it to examine SBOMs and warn about problematic dependencies, interpret security scans to gate builds when vulnerabilities are detected, and prevent artifact publishing when security frameworks aren't met. Understand how AMPEL is building an ecosystem of tools, starting with the bnd attester, that can work across the Software Development Life Cycle (SLDC) to secure CI/CD systems. Examine practical examples demonstrating how AMPEL ensures compliance in hardened pipelines through verifiable evidence, making the wealth of security metadata generated by the supply chain security community finally actionable and useful for developers and organizations seeking to build trustworthy software.
![CNCF [Cloud Native Computing Foundation]](https://www.classcentral.com/cdn-cgi/image/height=40,format=auto,quality=85/images/logos/institutions/cncf-cloud-native-computing-foundation-hz.png){kind=small}
