Supply Chain Security with a CLI: valint | Rawkode Academy

Watch / Tutorial 14:44

§ Overview

About this video

What You'll Learn

Generate SLSA and CycloneDX SBOMs for container images, Git repositories, and Go projects.
Sign collected evidence with Sigstore and store it in OCI artifacts.
Enforce cosign policies locally, in CI, or through a Kubernetes admission controller.

Tutorial on Valint, Scribe Security's supply chain CLI. Generate SLSA and CycloneDX SBOMs for containers, Git repos, and Go projects, sign evidence with Sigstore, push to OCI registries, and enforce cosign policies locally, in CI, or as a Kubernetes admission controller.

§ Technologies featured

Weekly Cloud Native insights

Stay ahead in cloud native

Tutorials, deep dives, and curated events. No fluff.

Code

Valint Installation Script

Indigo (Blue Sky Go SDK)

Additional Resources

Scribe Security JFrog Container Registry

More about sigstore

View technology

Building & Running Spin Applications with Docker

Building & Running Spin Applications with Docker

Hands-on Introduction to Trivy

Hands-on Introduction to Trivy

Hands-on Introduction to sigstore

Hands-on Introduction to sigstore