Create Conforma Resources Hub

This commit creates a new website section where we can collect all the
Conference presentations and resources that talk about Conforma.

I also reworded the blog post i made today to remove some duplication,
so that now it only presents the new page and points readers to it.

Author: st3penta

website/config/_default/menu.toml

@@ -9,12 +9,12 @@
     weight = 11
 
   [[main]]
-    name = 'Contribute'
-    url = '/contribute'
+    name = 'Documentation'
     weight = 12
 
   [[main]]
-    name = 'Documentation'
+    name = 'Contribute'
+    url = '/contribute'
     weight = 13
 
   [[main]]
@@ -45,6 +45,12 @@
     name = 'Policies'
     parent = 'Documentation'
     url = '/docs/policy/release_policy.html'
+    weight = 50
+
+  [[main]]
+    name = 'Resources'
+    parent = 'Documentation'
+    url = '/resources'
     weight = 60
 
   [[main]]

website/content/contribute/_index.md

@@ -1,3 +1,4 @@
 ---
-kind: page
+layout: contribute
 ---
+

website/content/posts/conforma-resources-and-presentations.md

@@ -0,0 +1,25 @@
+---
+title: "Introducing Our Comprehensive Resources Page"
+date: 2025-07-23T13:00:41+02:00
+author: "Stefano Pentassuglia"
+---
+
+Whether you're just getting started with supply chain security or looking to deepen your understanding of policy enforcement in container workflows, we've curated a comprehensive collection of resources to help you on your journey.
+
+We've organized all our educational content, like conference presentations, demos, and expert talks, into our new **Resources** page for easy access and reference.
+
+<!--more-->
+
+## Explore Our Resources
+
+We've gathered presentations from industry experts, real-world implementation demos, and educational videos that showcase how organizations are using Conforma to secure their software supply chains. These resources cover everything from basic concepts to advanced policy configuration and integration strategies.
+
+**[Visit our Resources page](/resources/)**
+
+You'll find detailed information about:
+
+- **Conference Talks** by Red Hat experts covering Conforma and its integration within secure development workflows
+- **Live Demos** showing the Conforma CLI, policy configuration and enforcement
+- **Best Practices** into supply chain security
+
+Each resource includes speaker information, event details, and direct links to recordings or session materials.

website/content/posts/introducing-resources-page.md

@@ -0,0 +1,94 @@
+---
+title: Resources
+---
+
+Whether you're just getting started with supply chain security or looking to deepen your understanding of policy enforcement in container workflows, these resources provide valuable insights from industry experts and real-world implementations.
+
+These conference presentations, demos, and educational videos showcase how organizations are using Conforma to secure their software supply chains.
+
+## Enforcing Organization Policies with Enterprise Contract
+
+**Speaker:** Zoran Regvart, Red Hat  
+**Event:** SOSS Community Day Europe 2024  
+**Format:** Conference Talk with Live Demo   
+**Link:** [Watch on YouTube](https://www.youtube.com/watch?v=OmnF_Bm4KOU)
+
+{{< rawhtml >}}
+<br>
+<iframe width="560" height="315" src="https://www.youtube.com/embed/OmnF_Bm4KOU" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
+<br>
+{{< /rawhtml >}}
+
+This talk explores how Conforma leverages Sigstore signatures, in-toto attestations, and other tamper-proof sources to enforce organizational policies. The presentation focuses on the Tekton ecosystem and covers:
+
+- The critical importance of ensuring container images meet organizational policies
+- How Conforma enforces policies using secure, tamper-proof sources  
+- Configuring policies to validate that specific Tekton Tasks (like code scanners) have been executed during the container image build process
+
+*Perfect for those familiar with Sigstore who want to understand how to go beyond simple signature checks to comprehensive image validation.*
+
+## Policy-Driven Supply Chain Security with Conforma
+
+**Speaker:** Mark Bestavros, Red Hat  
+**Event:** DevConf.US 2024  
+**Format:** Conference Talk with Live Demo  
+**Link:** [Watch on YouTube](https://www.youtube.com/watch?v=JgXXAjRuHfo)
+
+{{< rawhtml >}}
+<br>
+<iframe width="560" height="315" src="https://www.youtube.com/embed/JgXXAjRuHfo" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
+<br>
+{{< /rawhtml >}}
+
+This talk demonstrates how Conforma serves as a decision engine for enforcing provenance, regulatory compliance, and security requirements. Key highlights include:
+
+- User-friendly policy configuration and requirements definition
+- Image signature verification and attestation validation
+- CVE alert checking and security compliance
+- Integration with Open Policy Agent's Rego rule system for extensible policy evaluation
+
+The session includes a live demonstration of building an image, verifying it using the conforma CLI, and customizing enforcement policies.
+
+## Building Trust Through Proactive Security
+
+**Speakers:** Przemyslaw Roguski & Ralph Bean, Red Hat  
+**Event:** Open Source Summit North America 2025  
+**Format:** Conference Talk with Live Demo  
+**Link:** [Talk Details](https://ossna2025.sched.com/event/1zfp2/building-trust-through-proactive-security-key-parts-of-the-trusted-software-supply-chain-przemyslaw-roguski-ralph-bean-red-hat)
+
+{{< rawhtml >}}
+<br>
+<iframe width="560" height="315" src="https://www.youtube.com/embed/CzWuBeWQDb8" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
+<br>
+{{< /rawhtml >}}
+
+This comprehensive session covers Red Hat's Secure Software Development Lifecycle (SDLC) framework and includes:
+
+- Proactive vs. reactive security measures
+- SDLC objectives and implementation strategies
+- Automated testing and open-source SDLC solutions
+- Proactive vulnerability management during build phases
+- Secure software building with attestation data production (CSAF/VEX and SBOM)
+- Future of AI testing in supply chain security
+
+*Features Ralph's hands-on demonstration showing how conforma works within Konflux in practice.*
+
+## Achieving Simplicity and Security with Konflux
+
+**Speaker:** Dheeraj Singh Jodha, Red Hat  
+**Event:** TechGenie Pune 2024  
+**Format:** Virtual Presentation  
+**Link:** [Watch on YouTube](https://www.youtube.com/watch?v=sR8U5-UPGQs)  
+  
+{{< rawhtml >}}
+<br>
+<iframe width="560" height="315" src="https://www.youtube.com/embed/sR8U5-UPGQs" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
+<br>
+{{< /rawhtml >}}
+
+This presentation showcases how Konflux integrates with Conforma to provide both simplicity and security in software development workflows. Key highlights include:
+
+- Overview of modern supply chain threats in open-source software
+- Introduction to Konflux for secure and automated CI
+- Demo: onboarding, testing, vulnerability scanning, and custom policy-based gating (via Conforma)
+- Empowering teams to shift left on security through policy-driven pipelines