Ir al contenido principal

Securing Your Software Supply Chain with Sigstore

Gain the knowledge and skills necessary to secure the integrity of your software by leveraging the Sigstore toolkit, a free and open source project that offers automated signing and verification across release files, container images, binaries, bill of material manifests, and more.

...
Securing Your Software Supply Chain with Sigstore

Hay una sesión disponible:

¡Ya se inscribieron 45 usuarios!
Una vez finalizada la sesión del curso, será archivadoAbre en una pestaña nueva.
Comienza el 24 jun

Securing Your Software Supply Chain with Sigstore

Gain the knowledge and skills necessary to secure the integrity of your software by leveraging the Sigstore toolkit, a free and open source project that offers automated signing and verification across release files, container images, binaries, bill of material manifests, and more.

Securing Your Software Supply Chain with Sigstore
Aproximadamente 7 semanas
1–2 horas por semana
A tu ritmo
Avanza a tu ritmo
Gratis
Verificación opcional disponible

Hay una sesión disponible:

Una vez finalizada la sesión del curso, será archivadoAbre en una pestaña nueva.
Comienza el 24 jun

Sobre este curso

Omitir Sobre este curso

Building and distributing software that is secure throughout its entire lifecycle can be challenging, leaving many projects unprepared to build securely by default. Attacks and vulnerabilities can emerge at any step of the chain, from writing to packaging and distributing software to end users. Sigstore is one of several innovative technologies that have emerged to improve the integrity of the software supply chain, reducing the friction developers face in implementing security within their daily work.

This course is designed with end users of Sigstore tooling in mind: software developers, DevOps engineers, security engineers, software maintainers, and related roles. To make the best of this course, you will need to be familiar with Linux terminals and using command line tools. You will also need to have intermediate knowledge of cloud computing and DevOps concepts, such as using and building containers and CI/CD systems like GitHub actions.

This course will introduce you to Cosign, Fulcio, and Rekor, the tools under the Sigstore umbrella, explaining how they support a more secure software supply chain. You will learn how to employ these tools throughout your software development, testing, and distribution processes. Additionally, those who use or implement your software will be able to verify its authenticity through tamper-resistant public logs.

Upon completing this course, you will be able to inform your organization’s security strategy and build software more securely by default.

De un vistazo

  • Institución: LinuxFoundationX
  • Tema: Informática
  • Nivel: Introductory
  • Prerrequisitos:
    • Familiarity with using the command line
    • Intermediate knowlegde of cloud computing and DevOps concepts, such as containers, CI/CD systems, GitHub actions, etc.
    • Familiarity with using and building container images
  • Idioma: English
  • Transcripción de video: English

Lo que aprenderás

Omitir Lo que aprenderás
  • Describe the components of Sigstore and how they support a more secure software supply chain.

  • Sign and verify software artifacts with Sigstore.

  • Understand how to implement Sigstore within the software development lifecycle.

Plan de estudios

Omitir Plan de estudios
  • Welcome!
  • Chapter 1. Introducing Sigstore
  • Chapter 2. Cosign: Container Signing, Verification, and Storage in an OCI Registry
  • Chapter 3. Fulcio: A New Kind of Root Certificate Authority For Code Signing
  • Chapter 4. Rekor: Software Supply Chain Transparency Log
  • Chapter 5. Sigstore: Using the Tools and Getting Involved with the Community
  • Final Exam (verified track only)

Acerca de los instructores

¿Quién puede hacer este curso?

Lamentablemente, las personas residentes en uno o más de los siguientes países o regiones no podrán registrarse para este curso: Irán, Cuba y la región de Crimea en Ucrania. Si bien edX consiguió licencias de la Oficina de Control de Activos Extranjeros de los EE. UU. (U.S. Office of Foreign Assets Control, OFAC) para ofrecer nuestros cursos a personas en estos países y regiones, las licencias que hemos recibido no son lo suficientemente amplias como para permitirnos dictar este curso en todas las ubicaciones. edX lamenta profundamente que las sanciones estadounidenses impidan que ofrezcamos todos nuestros cursos a cualquier persona, sin importar dónde viva.

¿Te interesa este curso para tu negocio o equipo?

Capacita a tus empleados en los temas más solicitados con edX para Negocios.