In this episode, Dan guides us through everything we need to get started with Project sigstore.
🍿 Rawkode Live
Hosted by David McKay / 🐦 https://twitter.com/rawkode
Discord Chat: https://rawkode.live/chat
00:00 – Holding screen
01:15 – Introductions
03:00 – What is Project sigstore?
11:30 – Signing & Verifying Container Images with cosign
34:00 – cosign: keyless mode
41:00 – Transparency Logs with rekor
55:00 – Using Kyverno for Signed Image Policies
👥 About the Guests
OSS Supply Chain Security at Google!
🔨 About the Technologies
sigstore is a Linux Foundation project.
sigstore is a project with the goal of providing a public good / non-profit service to improve the open source software supply chain by easing the adoption of cryptographic software signing, backed by transparency log technologies.
sigstore will seek to empower software developers to securely sign software artifacts such as release files, container images, binaries, bill of material manifests and more. Signing materials are then stored into a tamper resistant public log
sigstore will be free to use for all developers and software providers, with sigstore’s code and operation tooling being 100% open source and maintained / developed by the sigstore community.
source by Rawkode Academy