Software Supply Chain Integrity with Sigstore
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore software supply chain integrity through Sigstore in this 23-minute conference talk by Marina Moore and Priya Wadhwa from Google. Learn about the importance of Sigstore, its key components like Cosign, and how it enhances software security. Discover practical applications through demos on Cosign verification and the update framework. Gain insights into offline ceremonies, integrations, and real-world implementations such as Tecton Chains. Conclude with a look at future developments and participate in a Q&A session to deepen your understanding of this crucial aspect of software development and distribution.
Syllabus
Intro
Meet Marina Priya
Why do we need Sigstore
Cosign
Cosign for other software
Record
Timestamp
Fulcio
Demo
Cosign Verification
Demo Overview
Update Framework
Offline Ceremony
Integrations
Tecton Chains
In Practice
Future Steps
Questions
Taught by
Linux Foundation
Tags
Related Courses
Hardening Your Soft Software Supply ChainPluralsight DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
Pluralsight Securing Your Software Supply Chain with Sigstore
Linux Foundation via edX GitHub Supply Chain Security Using GitGat
Linux Foundation via edX Kyverno - Deep Dive - Tech Talks
Mirantis via YouTube