42:09

Assessing the Risk of Open-source Components Using OpenSSF's Scorecard

The Linux Foundation

38:40

Authenticating Supply-chain Metadata: Building Remote Code Attestations on GitHub

The Linux Foundation

42:50

Dear Security, Compliance, and Auditors, We’re Sorry. Love, DevOps. - Bill Bensing, Red Hat

The Linux Foundation

43:06

GitBOM: Repurposing Git’s Graph for Supply Chain Security & Transparency - Aeva Black & Ed Warnicke

The Linux Foundation

36:28

Github Actions Security Landscape - Alex Ilgayev & Ronen Slavin, Cycode

The Linux Foundation

41:21

Going Beyond Metadata: Why We Need to Think of Adopting Static Analysis in Dependency Tools

The Linux Foundation

28:41

Google SLSA & NIST SSDF: Emerging Software Supply Chain Security Best Practices - Tony Loehr, Cycode

The Linux Foundation

40:38

How Do We Rank Project Risk? - Jacques Chester, Shopify

The Linux Foundation

25:56

Kubernetes Risk Assessment: Time to Go One Level Deeper - Ariel Shuper, Cisco

The Linux Foundation

42:02

Lessons Learned from Automating SLSA-Compliance Evaluation - Daniel Nebenzahl, Scribe-security

The Linux Foundation

8:08

Lightning Talk: Automatically Restrict Permissions for the GITHUB Token - Varun Sharma, StepSecurity

The Linux Foundation

40:56

Managing Application Level SBOMs with Ortelius - Tracy Ragan, DeployHub

The Linux Foundation

32:29

Maslow's Hierarchy of Supply Chain Needs - Josh Bressers, Anchore

The Linux Foundation

41:31

Panel Discussion: How the Business Community is Working to Make the Open Source Software Supply...

The Linux Foundation

44:07

Panel Discussion: Summing Up the Summit: OpenSSF’s May 2022 Gathering and Action Plan

The Linux Foundation

24:29

Purl and Vers: The Mostly Universal Package URL & Version Ranges Identifiers for Dependencies &...

The Linux Foundation

39:58

Reproducible Builds: Unexpected Benefits and Problems - Bernhard M. Wiedemann, SUSE

The Linux Foundation

38:27

Road to SLSA3: Non-falsifiable Provenance in Tekton with SPIFFE/SPIRE - Parth Patel & Brandon Lum

The Linux Foundation

39:35

SBOM Ingestion and Analysis at New York-Presbyterian Hospital - Katie Bratman & Adam Kojak

The Linux Foundation

44:57

Sponsored Session: Because Security Matters: Securing Your Open Source Supply Chain

The Linux Foundation

37:03

Sponsored Session: The Simple, Yet Lethal, Anatomy of a Software Supply Chain Attack

The Linux Foundation

45:47

Sponsored Session: Malicious Package Trends Compared With Malware Evolution - Daniel Elkabes, MEND

The Linux Foundation

40:55

Sponsored Session: Software Supply Chain Threat Landscapes: A Moving Target - Brian Fox, Sonatype

The Linux Foundation

44:57

What Makes A Build Reproducible? - Rose Judge & Joshua Lock, VMware

The Linux Foundation

41:20

What Role Do Package Registries Have in Securing the Supply Chain?

The Linux Foundation