Hands-on Introduction to Sigstore - Securing the Software Supply Chain
Offered By: Rawkode Academy via YouTube
Course Description
Overview
Explore a hands-on introduction to Project sigstore in this comprehensive video tutorial. Learn about the fundamentals of sigstore, a Linux Foundation project aimed at improving open source software supply chain security. Discover how to sign and verify container images using cosign, including its keyless mode. Delve into transparency logs with rekor and understand how to implement signed image policies using Kyverno. Gain practical insights from Dan Lorenc, an expert in OSS Supply Chain Security at Google, as he guides you through the essential components and applications of sigstore. Perfect for developers and software providers looking to enhance their knowledge of cryptographic software signing and secure artifact management.
Syllabus
- Holding screen
- Introductions
- What is Project sigstore?
- Signing & Verifying Container Images with cosign
- cosign: keyless mode
- Transparency Logs with rekor
- Using Kyverno for Signed Image Policies
Taught by
Rawkode Academy
Related Courses
Hardening Your Soft Software Supply ChainPluralsight DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
Pluralsight Securing Your Software Supply Chain with Sigstore
Linux Foundation via edX GitHub Supply Chain Security Using GitGat
Linux Foundation via edX Kyverno - Deep Dive - Tech Talks
Mirantis via YouTube