Presented by

  • Nisha Kumar

    @_ctlfsh
    https://nishakm.github.io

    Nisha is a software developer at Oracle Cloud Infrastructure (not to be confused with the Open Container Initiative). Nisha is involved in the SPDX and CNCF communities, trying to improve software and service transparency.

Abstract

The Update Framework (TUF) is an open source framework used to secure software repositories. OK, that's great. But what does that look like in practice? A repository is just storage that is accessible to anyone other than you. Think about a shared Google folder. That's a repository. For software development, that's a database, an AWS S3 bucket, or even just a directory on disk. This talk will walk you through the steps to implement TUF on a typical data store you may use on a regular basis. Then we will see how TUF ensures the consumers of that data can verify your identity and the freshness of the things you share.