Securing Your Software Supply Chain with Sigstore (LFS182)
Linux Foundation Training & Certification provides free online-learning courses on a range of open source topics from Linux to blockchain, networking to cloud, and everything in between, with the possibility of earning certificates and badges.
I would like to recommend the Securing Your Software Supply Chain with Sigstore course, which provides the knowledge and skills necessary to secure the integrity of your software by leveraging the Sigstore toolkit, a free and open source project that offers automated signing and verification across release files, container images, binaries, bill of material manifests, and more.
Building and distributing software that is secure throughout its entire lifecycle can be challenging, leaving many projects unprepared to build securely by default. Attacks and vulnerabilities can emerge at any step of the chain, from writing to packaging and distributing software to end users.
Recently, several innovative technologies have emerged to improve the integrity of the software supply chain, reducing the friction developers face in implementing security within their daily work. Sigstore, a free and open source project, offers automated signing and verification across release files, container images, binaries, bill of material manifests, and more. These signed materials persist in a tamper-resistant publicly auditable log, so anyone can check for authenticity.
This course will provide you with the knowledge you need to build more securely by default, introducing you to some of the tools under Sigstore’s umbrella: Cosign, Fulcio, and Rekor. Once you complete this course, you will understand how to use Sigstore to secure your software development lifecycle.
By the end of this course, you should be able to:
- Describe the components of Sigstore and how they support a more secure software supply chain.
- Sign and verify software artifacts with Sigstore.
- Understand how to implement Sigstore within the software development lifecycle.