Hands-on Introduction to sigstore
In this episode, Dan guides us through everything we need to get started with Project sigstore.

Rawkode Live
Hosted by David McKay / https://twitter.com/rawkode
Website: https://rawkode.live
Discord Chat: https://rawkode.live/chat
#RawkodeLive

Timeline
00:00 - Holding screen
01:15 - Introductions
03:00 - What is Project sigstore?
11:30 - Signing & Verifying Container Images with cosign
34:00 - cosign: keyless mode
41:00 - Transparency Logs with rekor
55:00 - Using Kyverno for Signed Image Policies

About the Guests
Dan Lorenc
OSS Supply Chain Security at Google!
https://twitter.com/lorenc_dan
https://github.com/dlorenc
https://www.danlorenc.com/

About the Technologies
sigstore
sigstore is a Linux Foundation project.

sigstore is a project with the goal of providing a public good / non-profit service to improve the open source software supply chain by easing the adoption of cryptographic software signing, backed by transparency log technologies.

sigstore will seek to empower software developers to securely sign software artifacts such as release files, container images, binaries, bill of material manifests and more. Signing materials are then stored into a tamper resistant public log.

sigstore will be free to use for all developers and software providers, with sigstore's code and operation tooling being 100% open source and maintained / developed by the sigstore community.

https://sigstore.dev
https://twitter.com/projectsigstore
https://github.com/sigstore

#SupplyChain