Protecting the World's Greatest Open Source Ecosystem with Sigstore
Offered By: Devoxx via YouTube
Course Description
Overview
Explore the critical importance of software supply chain security in this 50-minute conference talk by Sigstore-java maintainers Patrick Flynn and Appu Goundan. Discover how Sigstore, an OpenSSF project, addresses the dependency trust problem by simplifying cryptographic signing of artifacts. Learn about the risks associated with using unverified third-party packages and how Sigstore integrates with Maven Central to protect both producers and consumers of artifacts. Gain insights into implementing Sigstore to sign and verify artifacts, safeguarding your software and users from malicious supply chain attacks. Benefit from the speakers' extensive experience in Java developer tooling and software supply chain security as they demonstrate practical applications of Sigstore in the open-source ecosystem.
Syllabus
Protecting the world’s greatest open source ecosystem with Sigstore by Patrick Flynn , Appu Goundan
Taught by
Devoxx
Related Courses
Securing Your Software Supply Chain with SigstoreLinux Foundation via edX Hands-on Introduction to Sigstore - Securing the Software Supply Chain
Rawkode Academy via YouTube PGP vs Sigstore - The Match at Maven Central
Devoxx via YouTube Securing Your Infrastructure as Code Pipeline
Linux Foundation via YouTube The Importance of Developer Tooling for Secure Open Source Software
Linux Foundation via YouTube