OpenSSF Community Day Japan 2025
June 18, 2025 | Tokyo, Japan
Wednesday June 18, 2025 10:50 - 11:10 JST
A year ago, with input from projects across different foundations, we set out on a mission to delineate a minimum set of security requirements that could realistically be implemented by open source projects, no matter their size.

Thus, the Open Source Project Security Baseline was born.

With the Baseline maturing rapidly, it's time to check and enforce its requirements! For the Baseline to provide true security, projects have to produce cryptographically secure evidence that can, in turn, be tied to commits and built software artifacts.

Enter attestations!

By leveraging the in-toto attestation framework and the Sigstore transparency log, this talk will show how to achieve unforgeable OSPS Baseline compliance through attested evidence that can securely be associated with repos, binaries, and container images.

It all sounds harder than it is. The talk will feature practical ways of achieving high compliance levels with only a handful of attestations from the OpenSSF family of tools, showing alternatives for each requirement.

The talk will conclude with an enforcement example, gating on build and deployment processes when repos and artifacts are not Baseline compliant.
Speakers
Carlos Panato

Staff Software Engineer, Chainguard
Carlos Panato (@cpanato) is a Staff Software Engineer at Chainguard, Inc., specializing in development and infrastructure with Kubernetes and containers. He has a diverse background in development, testing, processes, and management. Carlos actively contributes to several Linux Foundation...
Adolfo García Veytia

Principal Software Engineer / Cofounder, Carabiner Systems
Adolfo García Veytia (@puerco) is a software engineer with Carabiner Systems. He is one of the Kubernetes SIG Release Technical Leads, actively working with the Release Engineering team, improving the software that drives the automation behind the Kubernetes release process. He is...
Apollon A