Explore how Lockheed Martin integrates Sigstore capabilities in a local environment to enhance software supply chain security. Learn about the company's approach to creating internal Kubernetes deployments of Sigstore utilities, using internal certificate authorities and trust roots within identity providers. Discover the implementation of AWS Key Management Service for signing and the use of reusable Gitlab pipelines to streamline interactions with internal Oauth providers and simplify cosign tool usage. Gain insights into the reasons behind this approach, unique implementation details, and future plans to meet Executive Order 14028 requirements in an affordable and robust manner. Understand the importance of open-source solutions in addressing challenges related to licensing, dependencies, and vulnerabilities in software development.
Leveraging Sigstore Capabilities in a Local Environment
Overview
Syllabus
Leveraging Sigstore Capabilities in a Local Environment - Chad Coleman, Lockheed Martin
Taught by
OpenSSF
Related Courses
-
From Cosign to an Ecosystem - The Evolution of Sigstore
-
Hands-on Introduction to Sigstore - Securing the Software Supply Chain
-
Zero Trust Supply Chains with Project Sigstore and SPIFFE
-
Sigstore: Evolution and Future of Software Security Signing
-
An Introduction to Sigstore for Pythonistas
-
Sigstore: 2024 and Beyond
