October 25, 2022 | Detroit, Michigan
View More Details & Registration Information

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2022 - Detroit, MI + Virtual and add this Co-Located event to your registration to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Eastern Daylight Time (EDT), UTC -4. To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

The schedule is subject to change.
Back To Schedule
Tuesday, October 25 • 9:45am - 10:10am
Platform Driven Compliance with Sigstore at Autodesk - Jesse Sanford, Autodesk

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
 Autodesk has a long history of producing software that commercial entities use to build and make the world around us. Trust in our software is critical to our success, and as we move to government sales, that has never been more true. Additionally, Autodesk’s software is now more than ever a hybrid of desktop and cloud based solutions. We must build and deploy software to both end user machines and public clouds. Existing software supply chain solutions must be augmented to meet these new system models and secure them wherever they live. In this talk Jesse Sanford will review how Autodesk is adapting it’s existing CI and CD tooling with the Sigstore project to meet current and future compliance needs. Jesse will speak in detail about the container provenance tracking solution built on Cosign with InToto vuln scanning attestations. A demo of our deployment governance solution will be shown which will block out of policy images from being allowed through the CD pipelines. If there is time, I will go into our future plans to implement a machine Identity solution with SPIRE for keyless signing with Cosign, Fulcio and Rekor.

avatar for Jesse Sanford

Jesse Sanford

Senior Principal Engineer, Autodesk
Jesse is a lifelong software engineer focused on site reliability and Infosec. Currently architecting the juncture of platform engineering and security/compliance for Autodesk's Developer Enablement team. When not in front of a computer, he is a backpacker, sailor and continuously... Read More →

Tuesday October 25, 2022 9:45am - 10:10am EDT
Room 430 A