Commit 1dbeb0a

Merge pull request #494 from st3penta/add-provenance-article
Add post on Konflux provenance in Resources page
2 parents 4a59ccf + a4faa2c commit 1dbeb0a

1 file changed

+17
-2
lines changed

website/content/resources/_index.md

Lines changed: 17 additions & 2 deletions
@@ -4,7 +4,7 @@ title: Resources
44

55
Whether you're just getting started with supply chain security or looking to deepen your understanding of policy enforcement in container workflows, these resources provide valuable insights from industry experts and real-world implementations.
66

7-
These conference presentations, demos, and educational videos showcase how organizations are using Conforma to secure their software supply chains.
7+
These conference presentations, demos, educational videos and articles showcase how organizations are using Conforma to secure their software supply chains.
88

99
## Enforcing Organization Policies with Enterprise Contract
1010

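Review bot: The rewritten sentence on line 7 drops the serial comma that the removed version used ("demos, and educational videos" becomes "educational videos and articles"), while the list on line 93 of the same file keeps it ("vulnerability scanning, and custom policy-based gating"). Suggest "conference presentations, demos, educational videos, and articles" so the page stays consistent.
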
@@ -91,4 +91,19 @@ This presentation showcases how Konflux integrates with Conforma to provide both
9191
- Overview of modern supply chain threats in open-source software
9292
- Introduction to Konflux for secure and automated CI
9393
- Demo: onboarding, testing, vulnerability scanning, and custom policy-based gating (via Conforma)
94-
- Empowering teams to shift left on security through policy-driven pipelines
94+
- Empowering teams to shift left on security through policy-driven pipelines
95+
96+
## How we use software provenance at Red Hat
97+
98+
**Author:** Ralph Bean, Red Hat
99+
**Format:** Article
100+
**Link:** [Read on developers.redhat.com](https://developers.redhat.com/articles/2025/05/15/how-we-use-software-provenance-red-hat)
101+
102+
This article explores how Red Hat's Konflux platform uses software provenance to establish trust in build processes. Key topics include:
103+
104+
- Understanding software provenance and in-toto attestations
105+
- The neutral observer/attester pattern for verifiable build records
106+
- How Conforma validates artifacts through policy-based verification
107+
- Practical examples of attestation data and usage
108+
109+
*Ideal for developers looking to understand how detailed provenance tracking enables trustworthy software supply chains.*
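
Review bot: Line 94 is removed and re-added with identical visible text, which points to a whitespace or end-of-file newline change only; confirm that is intended, and make sure the new last line (109) ends with a newline so the next entry appended to this page does not produce the same one-line churn. Separately, the new entry lists Author, Format and Link but no publication date, even though the URL path carries 2025/05/15; a date field next to "Format" would let readers judge how current the provenance material is.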
