Uncovering the History of Your Software Artifacts
Software Forensics for the Modern Age
At Cloud Native SecurityCon NA 2023, Mikhail Swift delivered a masterclass in software artifact forensics. This presentation goes beyond theoretical concepts to provide hands-on demonstrations of how organizations can trace the complete history of any software artifact in their environment.
In an era where supply chain attacks are increasingly sophisticated, understanding the provenance of your software isn't just nice to have—it's essential for security. Mikhail shows how Witness, his open source implementation of the in-toto specification, makes it possible to answer critical questions about any artifact: Who built it? What source code was used? What dependencies were included? What security scans were performed?
From Mystery to Transparency
The talk transforms what many see as an impossible challenge—understanding the complete history of compiled software—into a solved problem. Through live demonstrations, Mikhail shows how attestations collected during the build process can be assembled into a comprehensive provenance graph that tells the complete story of an artifact's creation.
This isn't just about security—it's about accountability, compliance, and operational excellence. When an incident occurs, teams can instantly trace back through the artifact's history to understand exactly what happened and why.
Key Takeaways
Every software artifact has a hidden history that can be reconstructed through attestations
Witness enables automatic collection of provenance data without changing existing workflows
Provenance graphs visualize the complete journey of software from source to deployment
Cryptographic verification ensures the authenticity of historical data
Understanding artifact history is crucial for security incident response and compliance
The ability to answer "who, what, when, where, why" for any artifact transforms security posture
Watch the Full Presentation
40 minutes of insights on witness
About the Speaker
Mikhail Swift
Staff Engineer, Replicated
Mikhail Swift is the creator of Witness and a pioneer in practical supply chain security. As a Staff Engineer at Replicated, he continues to advance the mission of making attestation-based security accessible to organizations worldwide.
His work focuses on the intersection of security, developer experience, and operational excellence. Mikhail believes that security tools should enhance, not hinder, development velocity—a philosophy that drives the design of Witness and his ongoing contributions to supply chain security.
A frequent speaker and open source contributor, Mikhail is passionate about building tools that solve real problems for real developers. His presentations are known for live demonstrations and practical takeaways that attendees can implement immediately.