ITE-3: Real-world example of combining TUF and in-toto for packaging Datadog Agent integrations

Skip to first unread message

Trishank Kuppusamy

Sep 2, 2021, 3:11:01 PM9/2/21
Hi everyone,

Looking for acceptance of my ITE-3, which I think will be useful to many looking to secure their own supply chains.


Datadog is a monitoring service for cloud-scale applications that monitor servers, databases, tools, and services through a software-as-a-service-based data analytics platform. It supports multiple cloud service providers, including Amazon Web Services, Microsoft Azure, Google Cloud Platform, and Red Hat OpenShift.

The Datadog agent is the software that runs on virtual machines or containers. It collects events and metrics from these virtual machines or containers and sends them to Datadog, where customers can analyze their monitoring and performance data. The agent integrations is A plug-in that collects metrics from services running on customer infrastructure. Presently, there are more than one hundred integrations, all of which come out-of-the-box with the Agent installed.

This ITE discusses the TUF security model used to distribute the Datadog Agent integrations in a compromise-resilient manner.

The ITE itself is here:

And the GitHub issue to raise any questions/feedback is here:

Looking forward to your feedback!

Reply all
Reply to author
0 new messages