Explore the world of software supply chain security in this 35-minute conference talk from DevConf.CZ 2023. Delve into Project Sigstore, a new standard for signing, verifying, and protecting software, with a focus on its application for Python developers. Learn how to leverage the sigstore-python client to secure Python projects and distribute artifacts safely and efficiently. Gain insights into addressing the rising threat of software supply chain attacks targeting third-party dependencies. Discover accessible methods for tracing software back to its source without requiring extensive knowledge of cryptographic protocols used in generating and verifying artifact signatures.
Overview
Syllabus
An introduction to Sigstore for Pythonistas - DevConf.CZ 2023
Taught by
DevConf
Related Courses
-
Zero Trust Supply Chains with Project Sigstore and SPIFFE
-
Sigstore: Past, Present and Future Directions
-
Sigstore: Using Transparent Digital Signatures to Help Secure the Software Supply Chain
-
Securing Python Projects Supply Chain
-
Sigstore: Evolution and Future of Software Security Signing
-
Securing the Supply Chain with Sigstore Artifact Signatures at Scale
