Details
New regulations and growing supply chain threats are forcing organizations to prove the integrity of every software artifact they ship. Manual signing and inconsistent DevOps processes cannot keep pace. In this fireside chat, security and engineering leaders explore how teams are automating trust across the SDLC by connecting SBOM provenance, signing, and CI/CD workflows into a unified and scalable release process.
You will learn how modern organizations reduce developer friction, streamline compliance, and create a verifiable chain of custody using centralized governance and automated signing.
We will cover:
Why SBOMs alone are not enough and why signed SBOMs tied to signed artifacts are becoming essential
How automation in CI/CD pipelines eliminates manual signing steps and prevents bypass
Practical ways to embed policy-driven signing and provenance into GitHub, GitLab, Jenkins, and other pipelines
Presenters:
Mohan Dattatreya
VP, Engineering, DigiCert
Tom Klein
Senior Director, Digital Trust Specialist, DigiCert