Sigstore: Evolution and Future of Software Security Signing
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Explore the journey of Sigstore, a Linux Foundation project that provides free, non-profit cryptographic signing services for software, in this informative conference talk. Learn about the project's inception, current status, and future direction as presented by Bob Callaway from Red Hat and Dan Lorenc from Google. Discover how Sigstore, often compared to 'Let's Encrypt' for software signing, is being implemented to protect Kubernetes release container images and to verify them directly in the Kubernetes release infrastructure. Gain insights into the project's adoption by communities such as Python, RubyGems, WebAssembly, and Maven. Delve into topics including supply chain security, software signing and provenance, and the technology behind Sigstore. Witness live demonstrations of a Go application, Fulcio, the transparency log, Cosign, and the Open Identity Flow. Understand the role of JSON Web Tokens and inclusion proofs in the Sigstore ecosystem.
Syllabus
Intro
Agenda
Supply chain security
Software signing and provenance
Technology behind Sigstore
Community stats
Demos
Demo 1: Go Application
Fulcio
Transparency Log
Cosign
Demo
Open Identity Flow
JSON Web Token
Inclusion Proof
Taught by
CNCF [Cloud Native Computing Foundation]