Loading…
18-19 June
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon India 2026 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in India Standard Time (UTC+5:30)To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
← Back to schedule
In-toto Attestations for What Really Happens in Your Build Pipeline, With Witness - Vyom Yadav, Canonical & Rahul Vishwakarma, Highlevel
Thursday June 18, 2026 12:40pm - 1:10pm IST
204 (Level 2)
State-sponsored supply chain attacks, like the Shai Hulud worm, highlight the urgent need for automated, cryptographically verifiable attestations generated at the moment the supply chain executes, capturing execution details that directly improve the accuracy of secure SDLC documents like SBOMs.

Witness, an in-toto subproject, is one such tool that records various aspects of a system during supply chain execution. Unlike static lock files generated by toolchains, which often miss components and lack cryptographically verifiable metadata, Witness captures a complete and verifiable picture of what was actually executed. New observability features now enable Witness to enrich SBOMs with accurate, runtime-derived data, while also establishing a network baseline for supply chain execution.
Speakers
avatar for Vyom Yadav

Vyom Yadav

Security Engineer, Canonical
Vyom is a CNCF Ambassador and was the Kubernetes Release Lead for v1.34. He is also on the Kubernetes Security Response Committee. At Canonical, he focuses on Ubuntu Security and Software Supply Chain Security.

In the past he has worked on other various open source projects including Kyverno, OSSF Minder, in-toto, KuberArmor, Checkstyle... Read More →
avatar for Rahul Vishwakarma

Rahul Vishwakarma

Open Source Developer | in-toto / Witness | GSoC & LFX Mentee, Highlevel
Rahul Vishwakarma is an active open source contributor to CNCF's in-toto project, where he has worked on Witness and Archivista — building attestors and policy verification features for supply chain security. He previously contracted with TestifySec and is currently an SDE Intern... Read More →
Thursday June 18, 2026 12:40pm - 1:10pm IST
204 (Level 2)
  Maintainer Track, in-toto

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Event Planning App Privacy Terms
Share Modal

Share this link via

Or copy link