Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore software artifact provenance and trust establishment in this 20-minute conference talk from the Linux Foundation's Open Source Summit. Learn why understanding where software artifacts come from and how they were produced is crucial for production environments, moving beyond mere compliance checkboxes to establish genuine trust. Discover the essential questions to ask about software provenance, including artifact origins, production processes, quality checks, and verification methods. Compare provenance details and capabilities across different systems including GitHub Actions, Tekton Chains, and Witness to understand the prerequisites for meaningful provenance verification. Gain practical insights into generating provenance attestations and implementing them for real-world value in production environments, with actionable strategies for using provenance data to make informed decisions about software artifact trustworthiness.
![CNCF [Cloud Native Computing Foundation]](https://www.classcentral.com/cdn-cgi/image/height=40,format=auto,quality=85/images/logos/institutions/cncf-cloud-native-computing-foundation-hz.png){kind=small}
