YoVDO

NPM and Sigstore - Provenance Comes to the World's Largest OSS Ecosystem

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, npm Courses, Sigstore Courses

Course Description

Overview

Explore a 39-minute conference talk from Black Hat detailing GitHub's efforts to secure the JavaScript ecosystem through provenance integration and partnership with Sigstore. Discover how npm, the world's largest language ecosystem, is addressing malware attacks and supply chain trojans by implementing software signing. Learn about the challenges and solutions in securing a system that serves over 70 billion requests monthly and processes around 40,000 publish events daily. Gain insights from speakers Trevor Rosen and Zach Steindler on the future of open-source software security and the role of provenance in protecting the npm ecosystem.

Syllabus

npm and Sigstore: Provenance Comes to the World's Largest OSS Ecosystem


Taught by

Black Hat

Related Courses

Securing Your Software Supply Chain with Sigstore
Linux Foundation via edX
Hands-on Introduction to Sigstore - Securing the Software Supply Chain
Rawkode Academy via YouTube
Protecting the World's Greatest Open Source Ecosystem with Sigstore
Devoxx via YouTube
PGP vs Sigstore - The Match at Maven Central
Devoxx via YouTube
Securing Your Infrastructure as Code Pipeline
Linux Foundation via YouTube