[$] Securing Git repositories with gittuf

The so-called software supply chain starts with source code. But most security measures and toolingdon't kick in until source is turned into an artifact-a sourcetarball, binary build, container image, or other method of delivering arelease to users. The gittuf projectis an attempt to provide a security layer for Git that can handle key management,enforce security policies for repositories, and guard against attacksat the version-control layer. At Open Source Summit North America (OSSNA), Aditya Sirish AYelgundhalli and Billy Lynch presentedan introduction to gittuf with an overview of its goals andstatus.