Explore the inner workings of Sigstore code signing in this 28-minute conference talk by Jed Salazar and Zack Newman from Chainguard. Dive into the journey of a Sigstore signature for container images, uncovering the mechanisms behind keyless code signing, certificate authorities, and transparency logs. Learn how to configure admission controllers to establish signing security policies for clusters. Gain insights into how Sigstore components function at both cryptographic and architectural levels, and discover its role in mitigating supply chain attacks. Understand the significance of Sigstore adoption by Kubernetes SIG-release for official container images and its impact on protecting the supply chain for millions of downstream users.
Life of a Sigstore Signature - Understanding Code Signing for Container Images
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Life of a Sigstore Signature - Jed Salazar & Zack Newman, Chainguard
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Gitsign - Keyless Git Commit Signing
-
Zero Trust Supply Chains with Project Sigstore and SPIFFE
-
Sigstore: Evolution and Future of Software Security Signing
-
Hands-on Introduction to Sigstore - Securing the Software Supply Chain
-
No Keys? No Problem - Why You Can Trust Sigstore Signatures
-
Identity-based Source Integrity with Gitsign
