Identity-based Source Integrity with Gitsign
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore identity-based source integrity using Gitsign in this 29-minute conference talk by Billy Lynch from Chainguard. Delve into the critical importance of signing and verifying source code integrity in software supply chain security, particularly for GitOps workflows. Learn about the challenges of traditional Git commit signing methods using GPG and SSH keys, especially in shared environments like CI/CD. Discover Gitsign, a Sigstore project that introduces "keyless" identity-based signing to Git using OIDC-based identities. Understand how Gitsign can enhance the security of source code consumed and produced by CI/CD and GitOps workflows, and improve incident response in case of a compromise. Gain insights into implementing cryptographic signing for Git commits and its benefits over conventional signing techniques.
Syllabus
Identity-based Source Integrity with Gitsign - Billy Lynch, Chainguard
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Securing Your Software Supply Chain with SigstoreLinux Foundation via edX Hands-on Introduction to Sigstore - Securing the Software Supply Chain
Rawkode Academy via YouTube Protecting the World's Greatest Open Source Ecosystem with Sigstore
Devoxx via YouTube PGP vs Sigstore - The Match at Maven Central
Devoxx via YouTube Securing Your Infrastructure as Code Pipeline
Linux Foundation via YouTube