Sigstore toolkit enables automated software supply chain security through digital signing and verification of releases and containers.
Discover how to build and maintain secure software throughout its lifecycle with Sigstore. This course teaches developers and DevOps professionals how to implement security measures using the Sigstore toolkit. Learn about key components like Cosign, Fulcio, Rekor, and Policy Controller while mastering techniques for signing and verifying software artifacts. Gain practical experience in integrating Sigstore tools into your development workflow, enabling tamper-resistant verification through public logs. Perfect for those looking to enhance their software security practices and implement secure-by-default principles.
English
What you'll learn
Understand the core components of Sigstore and their role in software supply chain security
Implement automated signing and verification for software artifacts
Master the use of Cosign for container and artifact security
Utilize Fulcio for managing digital certificates
Work with Rekor for maintaining secure transparency logs
Deploy Policy Controller in Kubernetes environments
This course includes:
PreRecorded video
Graded assignments, exams
Access on Mobile, Tablet, Desktop
Limited access
Shareable certificate
Closed caption
Get a Completion Certificate
Share your certificate with prospective employers and your professional network on LinkedIn.
Top companies offer this course to their employees
Top companies provide this course to enhance their employees' skills, ensuring they excel in handling complex projects and drive organizational success.
There are 7 modules in this course
This comprehensive course covers software supply chain security using Sigstore. Students learn about the core components of Sigstore including Cosign for signing and verifying containers, Fulcio for digital certificate management, Rekor for transparency logging, and Policy Controller for Kubernetes security. The curriculum combines theoretical understanding with practical implementation, focusing on real-world applications in modern software development environments. Participants gain hands-on experience with security tools while learning best practices for maintaining software integrity throughout the development lifecycle.
Module 1: Introducing Sigstore
Module 2: Cosign: Signing and Verifying Containers and Artifacts
Module 3: Fulcio: The Trusted Digital Certificate Authority
Module 4: Rekor: The Immutable and Secure Transparency Log
Module 5: Policy Controller: The Kubernetes Cluster Gatekeeper
Module 6: Getting Involved with the Sigstore Community
Module 7: Final Exam
Instructors
Expert in Developer Education and Open Source Technologies
Lisa Tagliaferri is the Head of Developer Education at Chainguard, where she leads initiatives to make secure software development practices more accessible. With over 45 million global readers, her open access books and tutorials on Python, Kubernetes, and machine learning have significantly impacted the developer community. Tagliaferri's expertise spans both technology and humanities, holding a PhD from the City University of New York and an MSc from the University of London. Her academic background includes postdoctoral positions at MIT and Harvard University's Villa I Tatti, as well as teaching experience in computer sciences and digital humanities at the undergraduate and graduate levels. At Chainguard, she focuses on developing resources to integrate security seamlessly into the software lifecycle. Tagliaferri is also a Visiting Scholar at Rutgers University, where she teaches a graduate seminar on Digital Humanities. Her interdisciplinary approach bridges technical expertise with a deep understanding of learning methodologies, making her a leading voice in developer education and open source technologies.
Leading Expert in Software Supply Chain Security and Open Source Research
John Speed Meyers is the Head of Chainguard Labs at Chainguard, where he leads research initiatives focused on open source software security, software supply chain security, and container security. His career spans influential roles across research and policy, including positions at IQT Labs, RAND Corporation, and the Center for Strategic and Budgetary Assessments. Meyers has made significant contributions to understanding software supply chain attacks and security, co-authoring influential research on measuring attack frequencies and analyzing open source software components in modern applications. His work suggests that up to 99% of smaller software applications consist of open source code, highlighting the critical importance of supply chain security. As a nonresident senior fellow with the Atlantic Council's Cyber Statecraft Initiative, Meyers contributes to broader policy discussions on cybersecurity. His academic credentials include a PhD in policy analysis from the Pardee RAND Graduate School, a Master of Public Affairs from Princeton's School of Public and International Affairs, and a BA in international relations from Tufts University. Through his research and advocacy, Meyers continues to shape industry understanding of software supply chain security, particularly through his work on frameworks like SBOM (Software Bill of Materials) and his analysis of major security incidents such as Log4Shell and XZ Utils.