Hands-on Introduction to Sigstore - Securing the Software Supply Chain
Offered By: Rawkode Academy via YouTube
Course Description
Overview
Explore a hands-on introduction to Project sigstore in this comprehensive video tutorial. Learn about the fundamentals of sigstore, a Linux Foundation project aimed at improving open source software supply chain security. Discover how to sign and verify container images using cosign, including its keyless mode. Delve into transparency logs with rekor and understand how to implement signed image policies using Kyverno. Gain practical insights from Dan Lorenc, an expert in OSS Supply Chain Security at Google, as he guides you through the essential components and applications of sigstore. Perfect for developers and software providers looking to enhance their knowledge of cryptographic software signing and secure artifact management.
Syllabus
- Holding screen
- Introductions
- What is Project sigstore?
- Signing & Verifying Container Images with cosign
- cosign: keyless mode
- Transparency Logs with rekor
- Using Kyverno for Signed Image Policies
Taught by
Rawkode Academy
Related Courses
Securing Your Software Supply Chain with SigstoreLinux Foundation via edX Attesting Practically: Exploring the Glue Behind Secure Runtime Environments
Linux Foundation via YouTube Software Supply Chain Integrity with Sigstore
Linux Foundation via YouTube Making Sense of Security Supply Chain - An Overview for Beginners
CNCF [Cloud Native Computing Foundation] via YouTube Platform Driven Compliance with Sigstore at Autodesk
CNCF [Cloud Native Computing Foundation] via YouTube