Securing the Supply Chain with Sigstore Artifact Signatures at Scale

Explore Yahoo's year-long journey integrating Sigstore to enhance supply chain security in this 34-minute conference talk from the Cloud Native Computing Foundation (CNCF). Learn how the Paranoids, Yahoo's information security organization, successfully secured approximately 60,000 daily builds across 700 clusters and 100,000 pods. Discover the image signing and verification process, and gain insights into the enhancements implemented for an "enterprise-grade" Sigstore deployment at Yahoo's scale. Understand how Sigstore components were adapted to Yahoo's corporate environment, utilizing their own certificate authority and identity provider (Athenz). Gain valuable knowledge on implementing Sigstore in Continuous Integration (CI) pipelines, customized for specific components and enterprise architectures. Leave equipped with practical strategies to secure your own supply chain using Sigstore artifact signatures at scale.

Securing the Supply Chain with Sigstore Artifacts Signatures at Scale