Get started with Sigstore (Free Course!)
In collaboration with the Linux Foundation and the OpenSSF, we’re thrilled to announce a new Sigstore course to educate the industry on how to digitally sign software artifacts to ensure a safer chain of custody that can be traced back to the source. Securing Your Software Supply Chain with Sigstore is a free course written by two of our Guardians, Lisa Tagliaferri and John Speed Meyers.

Sigstore is the new standard for signing, verifying and protecting software. It was started to improve supply chain technology for anyone using open source projects. Sigstore is for open source maintainers, by open source maintainers. With contributions from over 50 organizations, Sigstore is so powerful we recently called on the software industry to standardize on Sigstore and on the U.S. government to signal its support.
Why Did We Create this Course?
Chainguard partnered with the Linux Foundation to author this new course because we believe in the power of open source and in empowering everyone to use it to secure their supply chains. Good learning materials matter because they make secure software supply chains equitable and accessible for everyone.
Our Guardians are security experts from diverse backgrounds who combine their knowledge to make open source software secure by default. Our co-founders and many of our Guardians help build Sigstore and regularly contribute to the project. That’s why we're in a unique position to help others understand how to use and adopt secure software from the start.
What Will You Learn?
The course is for anyone new to Sigstore and its sub-projects. It starts by teaching you the basics, such as “What is Software Supply Chain Security?”, and defines key terms and concepts like SLSA and SBOM. By the end, you’ll have learnt how to set up your own Sigstore Rekor server with hands-on labs and code examples.
Chapter 1. Introducing Sigstore
Chapter 2. Cosign: Container Signing, Verification, and Storage in an OCI Registry
Chapter 3. Fulcio: A New Kind of Root Certificate Authority For Code Signing
Chapter 4. Rekor: Software Supply Chain Transparency Log
Chapter 5. Sigstore: Using the Tools and Getting Involved with the Community
Don’t dilly-dally, it’s free! Sign up to get the knowledge to better secure your supply chain.