Securing Git Repositories with Gittuf
The so-called software supply chain starts with source code. But most security measures and tooling don't kick in until source is turned into an artifact—a source tarball, binary build, container image, or other method of delivering a release to users. The gittuf project is an attempt to provide a security layer for Git that can handle key management, enforce security policies for repositories, and guard against attacks at the version-control layer. At Open Source Summit North America (OSSNA), Aditya Sirish A Yelgundhalli and Billy Lynch presented an introduction to gittuf with an overview of its goals and status.
More and more frequently, he said, organizations are pulling source directly into continuous-integration / continuous-delivery (CI/CD) pipelines without the kind of protections we have for, say, container images or software packages. Gittuf adapts The Update Framework (TUF), which was designed to secure software-update repositories, to Git. TUF "gets a lot of things right in [the] context of handling key distribution, rotation, and revocation" as well as providing a model for delegating trust from one user to another.