Explore a hands-on introduction to Project sigstore in this comprehensive video tutorial. Learn about the fundamentals of sigstore, a Linux Foundation project aimed at improving open source software supply chain security. Discover how to sign and verify container images using cosign, including its keyless mode. Delve into transparency logs with rekor and understand how to implement signed image policies using Kyverno. Gain practical insights from Dan Lorenc, an expert in OSS Supply Chain Security at Google, as he guides you through the essential components and applications of sigstore. Perfect for developers and software providers looking to enhance their knowledge of cryptographic software signing and secure artifact management.
Hands-on Introduction to Sigstore - Securing the Software Supply Chain
Overview
Syllabus
- Holding screen
- Introductions
- What is Project sigstore?
- Signing & Verifying Container Images with cosign
- cosign: keyless mode
- Transparency Logs with rekor
- Using Kyverno for Signed Image Policies
Taught by
Rawkode Academy
Related Courses
-
Securing Your Software Supply Chain with Sigstore
-
Sigstore: Evolution and Future of Software Security Signing
-
Securing Kubernetes Manifests with Sigstore Cosign - Options and Best Practices
-
Securing GitOps Supply Chain with Sigstore and Kyverno
-
So You Want to Run Your Own Sigstore - Recommendations for a Secure Setup
-
Zero Trust Supply Chains with Project Sigstore and SPIFFE
