Packaging, Transferring, and Deploying Software in Air-Gapped Environments with Zarf
05 May 2026

What's in the SOSS? An OpenSSF Podcast

About

Host Sally Cooper is joined by Brandt Keller, a staff software engineer at Defense Unicorns and maintainer of the OpenSSF sandbox project, Zarf. Brandt discusses Zarf's origins as a tool designed to reliably package, transfer, and deploy software components (like container images and Helm charts) specifically for critical, air-gapped environments that lack internet connectivity. The conversation explores Zarf's evolution, highlighting its current role in introducing security gates, improving transparency, and consolidating various management and SBOM tools into a single, declarative workflow. Finally, Brandt explains how Zarf's declarative manifest model is helping to secure open source software by reducing the cognitive burden on maintainers and giving integrators confidence in upstream artifacts.

Chapters
00:01: Welcome and Introduction to Brandt Keller and Defense Unicorns
02:01: What is Zarf and its history: Solving the air-gapped use case
04:33: Zarf's critical function today: Security, transparency, and packaging
09:18: How Zarf has evolved: From niche tool to agnostic distribution and GitOps integration
12:07: Zarf’s role in OpenSSF and securing open source software
16:05: Rapid Fire and Call to Action (Zarf.dev)

Episode links:

    Brandt Keller’s LinkedIn page
    Zarf website
    Zarf GitHub
    CNCF Security Technical Advisory Group (TAG Security)
    OpenSSF Software Supply Chain Integrity Working Group
    OpenSSF Project GUAC
    Defense Unicorns
    Get involved with the OpenSSF
    Subscribe to the OpenSSF newsletter
    Follow the OpenSSF on LinkedIn