What news from AWS re:Invent last week will have the most impact on you?
Amazon Q, an AI chatbot for explaining how AWS works.
Super-fast S3 Express storage.
New Graviton 4 processor instances.
Emily Freeman leaving AWS.
I don't use AWS, so none of this will affect me.
CI/CD / DevOps / Security

Demo: How Codefresh and Its Argo Core Improve Security

See how Codefresh lets devs follow their code and how it allows ops to see where the code came from in this demo with the company's co-founder Dan Garfield.
Sep 29th, 2023 4:00am by
Featued image for: Demo: How Codefresh and Its Argo Core Improve Security

Supply-chain Levels for Software Artifacts — or SLSA, to its friends — is a security framework introduced by Google in 2021. Despite its benefits, offering incremental guidelines for creating secure builds, many developers aren’t even aware of it. But the latest version of Argo, the continuous delivery tool and GitOps enabler, is compliant with Level Three of the four-level SLSA framework.

Level Three “basically means that now anybody that’s deployed Argo can check the verification on these images and make sure that they were signed by the project,” said Dan Garfield, co-founder and chief open source officer of Codefresh. “They were created in our [continuous integration] system and they weren’t manipulated in any way.”

In this episode of The New Stack Demos, Garfield showed Alex Williams, TNS founder and publisher, features of Codefresh’s enterprise platform, which is built on Argo.

A problem that the latest from Codefresh seeks to solve, Garfield said, is that it’s hard for developers to know the current status of their code once it’s deployed. “Codefresh solves that by surfacing all that information right away, so that you always know exactly where everything came from, what changes have actually made it into production.”

In short, he summarized, “it allows developers to follow their code where it goes, and it allows operations to follow the code where it came from.”

Check out the full video demo to see how it all works.

Group Created with Sketch.
TNS owner Insight Partners is an investor in: The New Stack.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.