Provenance and deployment policy

A trusted source of artifacts (such as RPMs and jar) combined with enough signed metadata provides basic provenance. With the evolution of container technology, there are multiple new vectors for tracking the provenance of your artifacts. From signing and scanning to building and promoting, tracking must integrate.

In this BoF, learn how Red Hat is working with upstream artifact metadata API Grafeas to create a solution. We'll share upcoming technology and invite your feedback and participation.

  • Date:Wednesday, May 9
  • Time:3:30 PM - 4:15 PM
  • Room:2102
  • Location:Moscone West - 2102
  • Session Type:Birds of a feather
  • Session Code:B1048
  • Best for people who:Build applications, Design application/system architectures
  • Industry:
  • Session Includes:None of the above
  • Topic(s):Application delivery, Containers, Security, Office of the CTO
  • Products and Services:Community project(s), Red Hat Cloud Infrastructure, Red Hat OpenShift Container Platform
  • Technical difficulty:Appropriate for all levels
  • Primary solution:Cloud computing
  • Time slot:Afternoon
  • Trail maps:From the office of the CTO
Vincent Batts
Red Hat