Explore software supply chain integrity through Sigstore in this 23-minute conference talk by Marina Moore and Priya Wadhwa from Google. Learn about the importance of Sigstore, its key components like Cosign, and how it enhances software security. Discover practical applications through demos on Cosign verification and the update framework. Gain insights into offline ceremonies, integrations, and real-world implementations such as Tecton Chains. Conclude with a look at future developments and participate in a Q&A session to deepen your understanding of this crucial aspect of software development and distribution.
Software Supply Chain Integrity with Sigstore
Overview
Syllabus
Intro
Meet Marina Priya
Why do we need Sigstore
Cosign
Cosign for other software
Record
Timestamp
Fulcio
Demo
Cosign Verification
Demo Overview
Update Framework
Offline Ceremony
Integrations
Tecton Chains
In Practice
Future Steps
Questions
Taught by
Linux Foundation
Tags
Related Courses
-
Securing Your Software Supply Chain with Sigstore
-
From Cosign to an Ecosystem - The Evolution of Sigstore
-
Hands-on Introduction to Sigstore - Securing the Software Supply Chain
-
Sigstore: Evolution and Future of Software Security Signing
-
Policy Compliance with Sigstore - From Signing Software to Validating the Whole Software Supply Chain
-
Zero Trust Supply Chains with Project Sigstore and SPIFFE
