YoVDO

Bringing Provenance to Open Source - Lessons from Npm's Sigstore Integration

Offered By: Linux Foundation via YouTube

Tags

Software Supply Chain Security Courses, Software Development Courses, Cybersecurity Courses, npm Courses, Sigstore Courses

Course Description

Overview

Explore the challenges and solutions in bringing provenance to open source software in this 27-minute conference talk by Trevor Rosen and Zach Steindler from GitHub/npm. Delve into npm's integration with Sigstore to address the lack of verifiable links between packages and their source code. Learn about the complexities of securing build processes, the implications of developer identity verification, and the potential for applying these approaches to other package ecosystems. Gain insights into one of the most significant efforts in software supply chain security and consider fundamental perspectives on package provenance across the open source landscape.

Syllabus

Bringing Provenance to All of Open Source: Lessons from Npm’s... - Trevor Rosen & Zach Steindler


Taught by

Linux Foundation

Related Courses

Securing Your Software Supply Chain with Sigstore
Linux Foundation via edX
Hands-on Introduction to Sigstore - Securing the Software Supply Chain
Rawkode Academy via YouTube
Protecting the World's Greatest Open Source Ecosystem with Sigstore
Devoxx via YouTube
PGP vs Sigstore - The Match at Maven Central
Devoxx via YouTube
Securing Your Infrastructure as Code Pipeline
Linux Foundation via YouTube