Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Leveraging Sigstore Capabilities in a Local Environment

OpenSSF via YouTube

Overview

Explore how Lockheed Martin integrates Sigstore capabilities in a local environment to enhance software supply chain security. Learn about the company's approach to creating internal Kubernetes deployments of Sigstore utilities, using internal certificate authorities and trust roots within identity providers. Discover the implementation of AWS Key Management Service for signing and the use of reusable Gitlab pipelines to streamline interactions with internal Oauth providers and simplify cosign tool usage. Gain insights into the reasons behind this approach, unique implementation details, and future plans to meet Executive Order 14028 requirements in an affordable and robust manner. Understand the importance of open-source solutions in addressing challenges related to licensing, dependencies, and vulnerabilities in software development.

Syllabus

Leveraging Sigstore Capabilities in a Local Environment - Chad Coleman, Lockheed Martin

Taught by

OpenSSF

Reviews

Start your review of Leveraging Sigstore Capabilities in a Local Environment

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.