Explore the world of software supply chain security in this 35-minute conference talk from DevConf.CZ 2023. Delve into Project Sigstore, a new standard for signing, verifying, and protecting software, with a focus on its application for Python developers. Learn how to leverage the sigstore-python client to secure Python projects and distribute artifacts safely and efficiently. Gain insights into addressing the rising threat of software supply chain attacks targeting third-party dependencies. Discover accessible methods for tracing software back to its source without requiring extensive knowledge of cryptographic protocols used in generating and verifying artifact signatures.
Syllabus
An introduction to Sigstore for Pythonistas - DevConf.CZ 2023
Taught by
DevConf