No Keys? No Problem - Why You Can Trust Sigstore Signatures
Offered By: CNCF [Cloud Native Computing Foundation] via YouTube
Course Description
Overview
Explore the security and trustworthiness of Sigstore's keyless code signing service in this 27-minute conference talk from KubeCon + CloudNativeCon Europe 2023. Delve into the Sigstore ecosystem, examining how it protects public infrastructure while adhering to core principles of openness. Learn about the trust root, key management requirements, and the implementation of The Update Framework (TUF). Witness a live demonstration simulating a real-life compromise of critical components to test Sigstore's resilience. Gain insights into the Sigstore Community Root, initial trust establishment, ceremony operations, and root management. Discover the Sigstore TUF target layout, client usage, integration, and ecosystem. Equip yourself with knowledge to understand and trust Sigstore signatures for enhanced software supply chain security.
Syllabus
Intro
Sigstore Ecosystem
Where are the keys?
Compromise
Trust in Services
Key management requirements
TUF introduction - continued
TUF - Example deployment
Pictures of where TUF is used
Sigstore Community Root
Initial Root Trust
Ceremony Operations
Root Management
Sigstore TUF Target Layout
Sigstore Client Usage
Client integration
Client Ecosystem
Find out more
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
Building on Microsoft Sentinel PlatformMicrosoft via YouTube Securing Applications and Infrastructure on Kubernetes with Sysdig
Mirantis via YouTube Container Escape in 2021
Hack In The Box Security Conference via YouTube Running at Light Speed - Cloud Native Security Patterns
LASCON via YouTube Controlled Mayhem With Cloud Native Security Pipelines
OWASP Foundation via YouTube