Explore the world of software supply chain security in this 34-minute conference talk from the Linux Foundation. Learn about Sigstore, an open-source initiative designed to provide free and user-friendly software signing and verification tools. Discover how to leverage automation, CI/CD pipelines, and policy tools like OPA to make informed decisions about code acceptance across build, test, and production systems. Gain insights into Red Hat's investigations on using Sigstore, Keylime, and Tekton Chains to verify software throughout the cloud-native build and deployment process, while enforcing verified policies. Delve into topics such as Kubernetes dependencies, software supply chains, open-source security, and the importance of software signing, verification, and policy compliance in today's threat landscape.
Policy Compliance with Sigstore - From Signing Software to Validating the Whole Software Supply Chain
Overview
Syllabus
Introduction
Kubernetes dependencies
Software supply chains
Softwar overview
Open source
Software signing
Software Policy
Software Verification
Overview
Taught by
Linux Foundation
Tags
Related Courses
-
Securing Your Software Supply Chain with Sigstore
-
In-Toto: Attestations and Software Supply Chain Security
-
Sigstore: Evolution and Future of Software Security Signing
-
Securing the Open Source Software Supply Chain
-
Hands-on Introduction to Sigstore - Securing the Software Supply Chain
-
Software Supply Chain Integrity with Sigstore
