Growing the Chain: Trusting Build Provenance from Userspace
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore the challenges and solutions for establishing trust in build provenance from userspace in this 33-minute conference talk by Billy Lynch from Chainguard. Learn how tools like Cosign, npm, and Goreleaser are enhancing package and artifact signing capabilities in CI/CD workflows. Discover the potential risks associated with generating provenance and attestations from user pipelines and understand how to build a chain of trust linking artifacts, CI configuration, and build services. Gain insights into the role of open-source technologies such as Sigstore and OIDC in enabling this trust framework. Examine what CI providers and users need to implement to establish this trust, and explore real-world examples of successful implementations for securing builds.
Syllabus
Growing the Chain: Trusting Build Provenance from Userspace - Billy Lynch, Chainguard
Taught by
Linux Foundation
Tags
Related Courses
Introduction to JenkinsLinux Foundation via edX Introduction to Cloud Native, DevOps, Agile, and NoSQL
IBM via edX Learn Azure DevOps CI/CD pipelines
Udemy IBM Full Stack Software Developer
IBM via Coursera DevOps: CI/CD with Jenkins pipelines, Maven, Gradle
Udemy