Host Sally Cooper is joined by Brandt Keller, a staff software engineer at Defense Unicorns and maintainer of the OpenSSF sandbox project, Zarf. Brandt discusses Zarf's origins as a tool designed to reliably package, transfer, and deploy software components (like container images and Helm charts) specifically for critical, air-gapped environments that lack internet connectivity. The conversation explores Zarf's evolution, highlighting its current role in introducing security gates, improving transparency, and consolidating various management and S-bomb tools into a single, declarative workflow. Finally, Brandt explains how Zarf's declarative manifest model is helping to secure open source software by reducing the cognitive burden on maintainers and giving integrators confidence in upstream artifacts
Chapters 00:01: Welcome and Introduction to Brandt Keller and Defense Unicorns 02:01: What is Zarf and its history: Solving the air-gapped use case 04:33: Zarf's critical function today: Security, transparency, and packaging 09:18: How Zarf has evolved: From niche tool to agnostic distribution and GitOps integration 12:07: Zarf’s role in OpenSSF and securing open source software 16:05: Rapid Fire and Call to Action (Zarf.dev)
Podden och tillhörande omslagsbild på den här sidan tillhör
OpenSSF. Innehållet i podden är skapat av OpenSSF och inte av,
eller tillsammans med, Poddtoppen.