Loading…
June 23 - 25, 2025
Denver, Colorado
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Mountain Daylight Time (UTC/GMT -6). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
← Back to schedule
Not Just Ticking a Box ☑️ Establishing Trust in Artifacts with Provenance 🔐🔗 - Andrew McNamara & Ralph Bean, Red Hat
Wednesday June 25, 2025 12:15pm - 12:35pm MDT
Bluebird Ballroom 3B
When you buy something, you might want to know where it was assembled and where its parts came from. Depending on how thorough you are, you might want to know more details about the process. Did it meet some organic criteria? Which quality inspector assessed it? Depending on where you live in the world, you get some human readable version of that information stamped on your packaging or included on the box today.

When you consume a software artifact in production, you might want to know its *provenance*.

In this talk, we’ll explore the activity of checking provenance as a gate to production and look at questions you might want to ask. Where is this artifact from, how was it produced, what checks ran against it, who claims these facts anyways, and more. We’ll look at pre-requisites necessary to answer those kinds of questions by comparing the provenance details exposed by systems like Github Actions, Tekton Chains, and Witness.

Join us for this dive into provenance details and tools. You’ll come away with ideas on both why you should generate provenance attestations and how you can use them to do actually valuable things in the real world - not just tick a compliance checkbox.
Speakers
avatar for Ralph Bean

Ralph Bean

Software Engineer, Red Hat
Ralph is an engineer at Red Hat and member of the Konflux Governance Committee. He's happiest when learning new things, the open source way.
avatar for Andrew McNamara

Andrew McNamara

Senior Principal Software Engineer, Red Hat
Andrew McNamara is passionate about usable CI/CD, security, and DevSecOps, drawing from his experience of building and shipping containerized software at IBM and Red Hat. As a SLSA maintainer, Andrew is helping people identify how to approach and understand supply chain security... Read More →
Wednesday June 25, 2025 12:15pm - 12:35pm MDT
Bluebird Ballroom 3B
  cdCon

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Need help? View Support Guides
Event questions? Contact Event Planner
Powered by Sched Event Planning App
©2025 Sched About Privacy Terms
Share Modal

Share this link via

Or copy link