Linux Foundation

Policy Compliance with Sigstore - From Signing Software to Validating the Whole Software Supply Chain

Linux Foundation via YouTube

Overview

Explore the world of software supply chain security in this 34-minute conference talk from the Linux Foundation. Learn about Sigstore, an open-source initiative designed to provide free and user-friendly software signing and verification tools. Discover how to leverage automation, CI/CD pipelines, and policy tools like OPA to make informed decisions about code acceptance across build, test, and production systems. Gain insights into Red Hat's investigations on using Sigstore, Keylime, and Tekton Chains to verify software throughout the cloud-native build and deployment process, while enforcing verified policies. Delve into topics such as Kubernetes dependencies, software supply chains, open-source security, and the importance of software signing, verification, and policy compliance in today's threat landscape.

Syllabus

Introduction
Kubernetes dependencies
Software supply chains
Software overview
Open source
Software signing
Software Policy
Software Verification
Overview

Taught by

Linux Foundation
