So You Want to Run Your Own Sigstore - Recommendations for a Secure Setup
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Intro
Sigstore Overview - Fulcio
Sigstore Overview - Rekor
Why a Private Sigstore?
Artifact Signing Keys
Private CAs
Private Fulcio
What's a Transparency Log?
Transparency Logs in Sigstore
Do I Need Transparency Logs?
You Must Monitor!
Timestamping in Sigstore
Problems with Key Management
The Update Framework
How to Deploy Sigstore
Taught by
CNCF [Cloud Native Computing Foundation]