YoVDO

Securing Your Software Supply Chain with Sigstore

Offered By: Linux Foundation via edX

Tags

Software Development Courses DevOps Courses Cloud Computing Courses Software Supply Chain Security Courses Sigstore Courses Cosign Courses

Course Description

Overview

Building and distributing software that is secure throughout its entire lifecycle can be challenging, leaving many projects unprepared to build securely by default. Attacks and vulnerabilities can emerge at any step of the chain, from writing to packaging and distributing software to end users. Sigstore is one of several innovative technologies that have emerged to improve the integrity of the software supply chain, reducing the friction developers face in implementing security within their daily work.

This course is designed with end users of Sigstore tooling in mind: software developers, DevOps engineers, security engineers, software maintainers, and related roles. To make the best of this course, you will need to be familiar with Linux terminals and using command line tools. You will also need to have intermediate knowledge of cloud computing and DevOps concepts, such as using and building containers and CI/CD systems like GitHub actions.

This course will introduce you to Cosign, Fulcio, Rekor, and the Policy Controller, the tools under the Sigstore umbrella, explaining how they support a more secure software supply chain. You will learn how to employ these tools throughout your software development, testing, and distribution processes. Additionally, those who use or implement your software will be able to verify its authenticity through tamper-resistant public logs.

Upon completing this course, you will be able to inform your organization’s security strategy and build software more securely by default.


Syllabus

  • Welcome
  • 1. Introducing Sigstore
  • 2. Cosign: Signing and Verifying Containers and Artifacts
  • 3. Fulcio: The Trusted Digital Certificate Authority
  • 4. Rekor: The Immutable and Secure Transparency Log
  • 5. Policy Controller: The Kubernetes Cluster Gatekeeper
  • 6. Getting Involved with the Sigstore Community
  • Final Exam (verified track only)

Taught by

Lisa Tagliaferri and John Speed Meyers

Tags

Related Courses

Hands-on Introduction to Sigstore - Securing the Software Supply Chain
Rawkode Academy via YouTube
Protecting the World's Greatest Open Source Ecosystem with Sigstore
Devoxx via YouTube
PGP vs Sigstore - The Match at Maven Central
Devoxx via YouTube
Securing Your Infrastructure as Code Pipeline
Linux Foundation via YouTube
The Importance of Developer Tooling for Secure Open Source Software
Linux Foundation via YouTube