cncf / tag-security

🔐CNCF Security Technical Advisory Group -- secure access, policy control, privacy, auditing, explainability and more!

[Unconference] gittuf: A Security Layer for Git Repositories #1136

Closed adityasaky closed 7 months ago

adityasaky commented 8 months ago

Description: gittuf provides a security layer for Git using some concepts introduced by The Update Framework (TUF). Among other features, gittuf handles key management for all developers on the repository, allows you to set permissions for repository branches, tags, files, etc., protects against other attacks Git is vulnerable to, and more — all while being backwards compatible with GitHub, GitLab, etc. gittuf is part of the OpenSSF sandbox. This talk will discuss the state of Git security, gittuf's design, and will include a brief demo of gittuf in action.

Benefits to Ecosystem: gittuf is designed to secure source code stored in Git repositories. In the past, software supply chain attacks have targeted source management systems. gittuf aims to defend against such attacks by encoding security policies that are enforced in a distributed and transparent manner, making policy compliance auditable in the process.

Website: https://gittuf.dev

Repository: https://github.com/gittuf/gittuf

ragashreeshekar commented 8 months ago

Thanks for the submission @adityasaky. Please be invited to present this session at 2:00 - 2:35 PM, Thursday 11/09.

adityasaky commented 7 months ago

Thanks for the opportunity, the unconference was great!

mrcdb commented 7 months ago

@adityasaky could you please share the slides to the unconference talk? Thanks.

adityasaky commented 7 months ago

Slides: https://docs.google.com/presentation/d/1ZrqqaRA3HHAZQaFKR_bEYcUWy_5nETv3OU3CJppS82c/edit?usp=sharing