Software Supply Chain Integrity with Sigstore
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore software supply chain integrity through Sigstore in this 23-minute conference talk by Marina Moore and Priya Wadhwa from Google. Learn about the importance of Sigstore, its key components like Cosign, and how it enhances software security. Discover practical applications through demos on Cosign verification and the update framework. Gain insights into offline ceremonies, integrations, and real-world implementations such as Tecton Chains. Conclude with a look at future developments and participate in a Q&A session to deepen your understanding of this crucial aspect of software development and distribution.
Syllabus
Intro
Meet Marina Priya
Why do we need Sigstore
Cosign
Cosign for other software
Record
Timestamp
Fulcio
Demo
Cosign Verification
Demo Overview
Update Framework
Offline Ceremony
Integrations
Tecton Chains
In Practice
Future Steps
Questions
Taught by
Linux Foundation
Tags
Related Courses
Securing Your Software Supply Chain with SigstoreLinux Foundation via edX Hands-on Introduction to Sigstore - Securing the Software Supply Chain
Rawkode Academy via YouTube Attesting Practically: Exploring the Glue Behind Secure Runtime Environments
Linux Foundation via YouTube Making Sense of Security Supply Chain - An Overview for Beginners
CNCF [Cloud Native Computing Foundation] via YouTube Platform Driven Compliance with Sigstore at Autodesk
CNCF [Cloud Native Computing Foundation] via YouTube