Enforcing the OpenSSF Ecosystem With AMPEL - Adolfo García Veytia, Carabiner Systems

AMPEL, the Amazing Multipurpose Policy Engine (and L), is the latest open-source project to land in the OpenSSF sandbox. AMPEL is a policy engine designed to be embeddable and easy to use in modern CI/CD environments. It brings together verification of signed in-toto attestations against policies, mapped to security framework controls, enabling projects and organizations to demonstrate compliance with security frameworks.

The OpenSSF ecosystem groups tools that produce, manage, and verify security data. AMPEL was created to combine them into a solution that actually protects you. Just name an OpenSSF project, and AMPEL has your back:

✓ Native Sigstore verification
✓ Universal SBOM policies with protobom
✓ SLSA provenance
✓ Built-in OpenVEX support
... and more.

These scenarios compose into a coherent solution for complying with common security frameworks, such as the OSPS Security Baseline or the CRA. This is cryptographically provable compliance for everyone!

Come and meet AMPEL and its community-maintained policy library, and watch our practical examples in this hands-on session that promises a use case for everyone.