Software Supply Chain Integrity with Sigstore
Offered By: Linux Foundation via YouTube
Course Description
Overview
Explore software supply chain integrity through Sigstore in this 23-minute conference talk by Marina Moore and Priya Wadhwa from Google. Learn about the importance of Sigstore, its key components like Cosign, and how it enhances software security. Discover practical applications through demos on Cosign verification and the update framework. Gain insights into offline ceremonies, integrations, and real-world implementations such as Tecton Chains. Conclude with a look at future developments and participate in a Q&A session to deepen your understanding of this crucial aspect of software development and distribution.
Syllabus
Intro
Meet Marina Priya
Why do we need Sigstore
Cosign
Cosign for other software
Record
Timestamp
Fulcio
Demo
Cosign Verification
Demo Overview
Update Framework
Offline Ceremony
Integrations
Tecton Chains
In Practice
Future Steps
Questions
Taught by
Linux Foundation
Tags
Related Courses
GitHub Supply Chain Security Using GitGatLinux Foundation via edX Introduction to Security Principles in Cloud Computing
Google via Google Cloud Skills Boost DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
Pluralsight Hardening Your Soft Software Supply Chain
Pluralsight Secure Software Supply Chain: Using Cloud Build & Cloud Deploy to Deploy Containerized Applications
Google via Google Cloud Skills Boost