CNCF: Evaluate and implement software attestation capabilities

Open hydai opened this issue 5 months ago • 0 comments

Summary

The TAG-Security assessment suggests evaluating whether WasmEdge should implement software attestation for edge devices and supply chain attestations using frameworks like in-toto, SLSA, or SCITT.

Software attestation would provide:

  • Verification of software running on edge devices
  • Supply chain security guarantees
  • Trust establishment in distributed edge environments
  • Compliance with emerging security standards

Appendix

  • in-toto: https://github.com/in-toto/in-toto
  • SLSA: https://slsa.dev/
  • SCITT: https://datatracker.ietf.org/group/scitt/about/

hydai, Jul 07 '25 07:07