September 19-21, 2023
Bilbao, Spain

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Europe 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Thursday, September 21 • 15:55 - 16:35
Growing the Chain: Trusting Build Provenance from Userspace - Billy Lynch, Chainguard

Many tools like Cosign, npm, Goreleaser, and more are adding capabilities to make it easier to sign packages and artifacts in CI/CD workflows. However, generating provenance and attestations from user pipelines can be a source of risk - how do we trust that jobs configured by users are producing accurate information? In this talk, we'll look at how we can build a chain of trust that links artifacts, to CI configuration, to the build services that run them. You'll learn how open source technologies like Sigstore and OIDC make this work possible, what CI providers and users need to establish this trust, and examples in the wild that do this to establish trust for their builds.

Billy Lynch

Staff Software Engineer, Chainguard
Billy is a staff software engineer at Chainguard, working on developer tools and securing software supply chains for everyone! He is an active contributor to and maintainer of the Sigstore and Tekton projects, and is the creator of gitsign. Prior to working at Chainguard, Billy worked...

Thursday September 21, 2023 15:55 - 16:35 CEST
Room 0E-1 (Floor 0)