Software Supply Chain Integrity with Sigstore
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore software supply chain integrity through Sigstore in this 23-minute conference talk by Marina Moore and Priya Wadhwa from Google. Learn about the importance of Sigstore, its key components like Cosign, and how it enhances software security. Discover practical applications through demos on Cosign verification and the update framework. Gain insights into offline ceremonies, integrations, and real-world implementations such as Tecton Chains. Conclude with a look at future developments and participate in a Q&A session to deepen your understanding of this crucial aspect of software development and distribution.
Syllabus
Intro
Meet Marina Priya
Why do we need Sigstore
Cosign
Cosign for other software
Record
Timestamp
Fulcio
Demo
Cosign Verification
Demo Overview
Update Framework
Offline Ceremony
Integrations
Tecton Chains
In Practice
Future Steps
Questions
Taught by
Linux Foundation
Tags
Related Courses
Securing Your Software Supply Chain with SigstoreLinux Foundation via edX Hands-on Introduction to Sigstore - Securing the Software Supply Chain
Rawkode Academy via YouTube Protecting the World's Greatest Open Source Ecosystem with Sigstore
Devoxx via YouTube PGP vs Sigstore - The Match at Maven Central
Devoxx via YouTube Securing Your Infrastructure as Code Pipeline
Linux Foundation via YouTube