LinuxFoundationX: Securing Your Software Supply Chain with Sigstore
|
Gain the knowledge and skills necessary to secure the integrity of your software by leveraging the Sigstore toolkit, a free and open source project that offers automated signing and verification across release files, container images, binaries, bill of material manifests, and more.
About this course
Building and distributing software that is secure throughout its entire lifecycle can be challenging, leaving many projects unprepared to build securely by default. Attacks and vulnerabilities can emerge at any step of the chain, from writing to packaging and distributing software to end users. Sigstore is one of several innovative technologies that have emerged to improve the integrity of the software supply chain, reducing the friction developers face in implementing security within their daily work.
This course is designed with end users of Sigstore tooling in mind: software developers, DevOps engineers, security engineers, software maintainers, and related roles. To make the best of this course, you will need to be familiar with Linux terminals and using command line tools. You will also need to have intermediate knowledge of cloud computing and DevOps concepts, such as using and building containers and CI/CD systems like GitHub actions.
This course will introduce you to Cosign, Fulcio, Rekor, and the Policy Controller, the tools under the Sigstore umbrella, explaining how they support a more secure software supply chain. You will learn how to employ these tools throughout your software development, testing, and distribution processes. Additionally, those who use or implement your software will be able to verify its authenticity through tamper-resistant public logs.
Upon completing this course, you will be able to inform your organization’s security strategy and build software more securely by default.
At a Glance:
Institution: LinuxFoundationX
Subject: Computer Science
Level: Introductory
Prerequisites:
Familiarity with using the command line
Intermediate knowlegde of cloud computing and DevOps concepts, such as containers, CI/CD systems, GitHub actions, etc.
Familiarity with using and building container images
Language: English
Video Transcript: English
Associated skills:Security Strategies, Cloud Computing, DevOps, Packaging And Labeling, Automation, Supply Chain, Manifests, Innovation, Command-Line Interface, Open Source Technology, Tooling, Bill Of Materials, Linux, Github, Vulnerability, Software Development
User Reviews
Be the first to review “LinuxFoundationX: Securing Your Software Supply Chain with Sigstore”
Related Products
DartmouthX, IMTx: C Programming: Getting Started
Start learning one of the most powerful and widely used programming languages: C.
RedHat: Fundamentals of Red Hat Enterprise Linux 9
This course is designed to equip students with the skills and knowledge needed for effective administration of Linux systems, with a particular focus on Red Hat® Enterprise Linux® . It covers fundamental Linux concepts, command-line tools, system management, and network configuration, using both the command-line interface and web console.
LinuxFoundationX: Introduction to Open Source Networking Technologies
Learn technical fundamentals needed to adopt SDN, NFV, disaggregation, orchestration, network automation, and modern networking. Discover use cases and technical options for open networking. Plus: learn more about The Linux Foundation networking projects.
LinuxFoundationX: Open Source Software Development: Linux for Developers
Start your open source software (OSS) adventure today by learning the key concepts of developing open source software and how to work productively in a Linux environment.
LinuxFoundationX: Introduction to Kubernetes on Edge with K3s
Learn the use cases and applications of Kubernetes at the edge through practical examples, hands-on lab exercises and a technical overview of the K3s project and the cloud native edge ecosystem.
DartmouthX, IMTx: C Programming: Language Foundations
Master foundational concepts in the C programming language such as logical statements and arrays.
There are no reviews yet.