YoVDO

Identity-based Source Integrity with Gitsign

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

Software Supply Chain Security Courses Incident Response Courses OpenID Connect (OIDC) Courses GitOps Courses Sigstore Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore identity-based source integrity using Gitsign in this 29-minute conference talk by Billy Lynch from Chainguard. Delve into the critical importance of signing and verifying source code integrity in software supply chain security, particularly for GitOps workflows. Learn about the challenges of traditional Git commit signing methods using GPG and SSH keys, especially in shared environments like CI/CD. Discover Gitsign, a Sigstore project that introduces "keyless" identity-based signing to Git using OIDC-based identities. Understand how Gitsign can enhance the security of source code consumed and produced by CI/CD and GitOps workflows, and improve incident response in case of a compromise. Gain insights into implementing cryptographic signing for Git commits and its benefits over conventional signing techniques.

Syllabus

Identity-based Source Integrity with Gitsign - Billy Lynch, Chainguard


Taught by

CNCF [Cloud Native Computing Foundation]

Related Courses

Academia de auditoría en la nube: independencia en la nube (Español LATAM) | Cloud Audit Academy - Cloud Agnostic (Spanish from Latin America)
Amazon Web Services via AWS Skill Builder AWS Certified DevOps Engineer – Professional
A Cloud Guru AWS Certified DevOps Engineer - Professional 2020
A Cloud Guru CompTIA CySA+ Certification
A Cloud Guru Advanced Network Security
LearnQuest via Coursera