Sigstore
Charting the Path to Software Integrity: Red Hat’s Journey with Sigstore - Lance Ball & Brian Cook
Sigstore is a set of tools developers, software maintainers, package managers and security experts can benefit from. Bringing together free-to-use open source technologies like Fulcio, Cosign and Rekor, it handles digital signing, verification and checks for provenance needed to make it safer to distribute and use open source software. Click here to learn more - www.sigstore.dev/
Charting the Path to Software Integrity: Red Hat’s Journey with Sigstore - Lance Ball & Brian Cook, Red Hat
In the evolving landscape of software supply chain security, Red Hat has embarked on a transformative journey, fully embracing the Sigstore ecosystem. Today, Red Hat's internal product pipelines rely on Sigstore’s Cosign to sign software releases, and Rekor provides an immutable transaction log, enabling customers to verify the integrity of downloaded software artifacts. This integration has been pivotal in ensuring the trustworthiness of the software that Red Hat distributes. As we navigated the intricacies of this integration, we gained deep insights into how Sigstore functions, encountered and overcame various challenges, and refined our approach to secure software delivery. In deploying Sigstore internally, we faced a number of obstacles that could make it challenging for large enterprises to adopt Sigstore for their own software delivery supply chains. We want to share with you how we overcame these challenges, and how we think the Sigstore ecosystem of services can be improved. Join us as we take you through Red Hat’s journey with Sigstore, sharing valuable lessons learned, highlighting the pitfalls we encountered, and showcasing how we fortified our software supply chain.
Views: 44

Videos

Papers, Please - Scrutinizing AI Model Creation - Parth Patel, Kusari & Mihai Maruseac, Google
72 views, 21 days ago
Rekor V2: What's Next for Sigstore's Transparency Log - Hayden Blauzvern & Colleen Murphy, Google
106 views, 21 days ago
Welcome & Opening Remarks - Hayden Blauzvern, Technical Lead Manager, Google
35 views, 21 days ago
The Challenges of Building a Sigstore Implementation from Scratch - Samuel Giddins, Ruby Central
155 views, 21 days ago
Sigstore & TUF Conformance Testing: Are Clients Playing by the R... Adam Korczynski & Jussi Kukkonen
35 views, 21 days ago
The Next 5 Years of Supply Chain Security on PyPI - William Woodruff, Trail of Bits
27 views, 21 days ago
Sigstore-Powered Hunting: Uncovering North Korean APT Attacks on the OSS Supply... Poppaea McDermott
80 views, 21 days ago
Keynote: Building Trust in AI - Luke Hinds, Co-founder & CTO, Stacklok
19 views, 21 days ago
Keynote: Sigstore's Future - Bob Callaway, Head of Open Source Security Team, Google
13 views, 21 days ago
Trends and Ecosystem Dynamics in Sigstore - Chinenye Okafor, Purdue University
17 views, 21 days ago
Rewriting Root-Signing -- a Deep Dive Into Sigstore Trust Root Delivery - Jussi Kukkonen, Google
57 views, 21 days ago
Cosign: Keeping up with the Client Libraries - Zach Steindler, GitHub
26 views, 21 days ago
The SBOM Revolution: How Sigstore, in-Toto, SBOMit, and Bomctl Are... Ian Dunbar-Hall & Marc Frankel
68 views, 21 days ago
Understanding the Identity of a CI Platform - Richard Fan, N/A
45 views, 21 days ago
Sigstore Community Meeting - October 29, 2024
28 views, 1 month ago
Sigstore Community Meeting - October 15, 2024
27 views, 1 month ago
Sigstore Community Meeting - September 17, 2024
23 views, 2 months ago
Sigstore Community Meeting - September 3, 2024
31 views, 3 months ago
Sigstore Community Meeting - August 20, 2024
19 views, 3 months ago
Sigstore Community Meeting - August 6, 2024
38 views, 4 months ago
Sigstore Community Meeting - July 23, 2024
17 views, 4 months ago
Sigstore Community Meeting - July 9, 2024
30 views, 5 months ago
Sigstore Community Meeting - June 25, 2024
14 views, 5 months ago
Sigstore Community Meeting - June 11, 2024
84 views, 6 months ago
Sigstore Community Meeting - May 28, 2024
26 views, 6 months ago
Sigstore Community Meeting - May 14, 2024
36 views, 6 months ago
Sigstore Community Meeting - April 30, 2024
30 views, 7 months ago
Sigstore Community Meeting - April 2, 2024
25 views, 8 months ago
Sigstore Community Meeting - February 20, 2024
42 views, 9 months ago