YoVDO

Growing the Chain: Trusting Build Provenance from Userspace

Offered By: Linux Foundation via YouTube

Tags

Software Supply Chain Security Courses CI/CD Courses DevSecOps Courses OpenID Connect (OIDC) Courses Sigstore Courses Cosign Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the challenges and solutions for establishing trust in build provenance from userspace in this 33-minute conference talk by Billy Lynch from Chainguard. Learn how tools like Cosign, npm, and Goreleaser are enhancing package and artifact signing capabilities in CI/CD workflows. Discover the potential risks associated with generating provenance and attestations from user pipelines and understand how to build a chain of trust linking artifacts, CI configuration, and build services. Gain insights into the role of open-source technologies such as Sigstore and OIDC in enabling this trust framework. Examine what CI providers and users need to implement to establish this trust, and explore real-world examples of successful implementations for securing builds.

Syllabus

Growing the Chain: Trusting Build Provenance from Userspace - Billy Lynch, Chainguard


Taught by

Linux Foundation

Tags

Related Courses

DevOps CI/CD Pipeline: Automation from development to deployment
Universidad Anáhuac via edX DevOps Pipeline: Automatización hasta el despliegue
Universidad Anáhuac via edX Exploring the Benefits of Continuous Security and Compliance for Cloud Infrastructure
Pluralsight Integrating Incident Response into DevSecOps
Pluralsight DevSecOps: Building a Secure Continuous Delivery Pipeline
LinkedIn Learning