YoVDO

Growing the Chain: Trusting Build Provenance from Userspace

Offered By: Linux Foundation via YouTube

Tags

Software Supply Chain Security Courses CI/CD Courses DevSecOps Courses OpenID Connect (OIDC) Courses Sigstore Courses Cosign Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the challenges and solutions for establishing trust in build provenance from userspace in this 33-minute conference talk by Billy Lynch from Chainguard. Learn how tools like Cosign, npm, and Goreleaser are enhancing package and artifact signing capabilities in CI/CD workflows. Discover the potential risks associated with generating provenance and attestations from user pipelines and understand how to build a chain of trust linking artifacts, CI configuration, and build services. Gain insights into the role of open-source technologies such as Sigstore and OIDC in enabling this trust framework. Examine what CI providers and users need to implement to establish this trust, and explore real-world examples of successful implementations for securing builds.

Syllabus

Growing the Chain: Trusting Build Provenance from Userspace - Billy Lynch, Chainguard


Taught by

Linux Foundation

Tags

Related Courses

Introduction to Jenkins
Linux Foundation via edX
Introduction to Cloud Native, DevOps, Agile, and NoSQL
IBM via edX
Learn Azure DevOps CI/CD pipelines
Udemy
IBM Full Stack Software Developer
IBM via Coursera
DevOps: CI/CD with Jenkins pipelines, Maven, Gradle
Udemy