Hands-on Introduction to sigstore

In this episode, Dan guides us through everything we need to get started with Project sigstore.

🍿 Rawkode Live

Hosted by David McKay / 🐦 https://twitter.com/rawkode
Website: https://rawkode.live
Discord Chat: https://rawkode.live/chat

#RawkodeLive

🕰 Timeline

00:00 - Holding screen
01:15 - Introductions
03:00 - What is Project sigstore?
11:30 - Signing & Verifying Container Images with cosign
34:00 - cosign: keyless mode
41:00 - Transparency Logs with rekor
55:00 - Using Kyverno for Signed Image Policies

👥 About the Guests

Dan Lorenc

OSS Supply Chain Security at Google!

🐦 https://twitter.com/lorenc_dan
🧩 https://github.com/dlorenc
🌏 https://www.danlorenc.com/

🔨 About the Technologies

sigstore

sigstore is a Linux Foundation project.
sigstore is a project with the goal of providing a public good / non-profit service to improve the open source software supply chain by easing the adoption of cryptographic software signing, backed by transparency log technologies.
sigstore will seek to empower software developers to securely sign software artifacts such as release files, container images, binaries, bill of material manifests and more. Signing materials are then stored into a tamper resistant public log
sigstore will be free to use for all developers and software providers, with sigstore’s code and operation tooling being 100% open source and maintained / developed by the sigstore community.

🌏 https://sigstore.dev
🐦 https://twitter.com/projectsigstore
🧩 https://github.com/sigstore

##SupplyChain

Resources related to this video will be displayed here, including links, downloads, and additional materials.