Securing the Supply Chain with Sigstore Artifact Signatures at Scale

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore Yahoo's year-long journey integrating Sigstore to enhance supply chain security in this 34-minute conference talk from the Cloud Native Computing Foundation (CNCF). Learn how the Paranoids, Yahoo's information security organization, successfully secured approximately 60,000 daily builds across 700 clusters and 100,000 pods. Discover the image signing and verification process, and gain insights into the enhancements implemented for an "enterprise-grade" Sigstore deployment at Yahoo's scale. Understand how Sigstore components were adapted to Yahoo's corporate environment, utilizing their own certificate authority and identity provider (Athenz). Gain valuable knowledge on implementing Sigstore in Continuous Integration (CI) pipelines, customized for specific components and enterprise architectures. Leave equipped with practical strategies to secure your own supply chain using Sigstore artifact signatures at scale.

Syllabus

Securing the Supply Chain with Sigstore Artifacts Signatures at Scale

Taught by

CNCF [Cloud Native Computing Foundation]
