Training Course

Securing Your Software Supply Chain with Sigstore (LFS182)

Building and distributing software that is secure throughout its entire lifecycle can be challenging. Sigstore can offer you and your team peace of mind, providing you with the tools you need for a more secure software supply chain.

Who Is It For

This course is designed with end users of Sigstore tooling in mind: software developers, DevOps engineers, security engineers, software maintainers, and related roles. To make the best of this course, you will need to be familiar with Linux terminals and using command line tools. You will also need to have intermediate knowledge of cloud computing and DevOps concepts, such as using and building containers and CI/CD systems like GitHub Actions.
What You’ll Learn

This course will introduce you to Cosign, Fulcio, Rekor, and the Policy Controller, the tools under the Sigstore umbrella, explaining how they support a more secure software supply chain. You will learn how to employ these tools throughout your software development, testing, and distribution processes. Additionally, those who use or implement your software will be able to verify its authenticity through tamper-resistant public logs.
What It Prepares You For

Upon completing this course, you will be able to inform your organization’s security strategy and build software more securely by default.
Course Outline
Welcome!
Chapter 1. Introducing Sigstore
Chapter 2. Cosign: Signing and Verifying Containers and Artifacts
Chapter 3. Fulcio: The Trusted Digital Certificate Authority
Chapter 4. Rekor: The Immutable and Secure Transparency Log
Chapter 5. Policy Controller: The Kubernetes Cluster Gatekeeper
Chapter 6. Getting Involved with the Sigstore Community

Prerequisites
Lab exercises have been tested with the following environment details:

  • Labs will work on Linux and macOS
  • Administrative access to enable installing software
    • We are assuming a local machine, but these commands should work on a Linux cloud instance as well
  • Internet connection
  • We recommend at least 2GB of RAM and a 64-bit CPU.
  • You should have the latest version of Docker and Docker Compose installed, and an account on Docker Hub. At the time of writing (March 2024), Docker Engine should be version 25.1 and Docker Compose should be version 2.24.4. If you are on macOS, you will need to use Docker Desktop; refer to the official documentation for your operating system to ensure that your system meets the necessary requirements. Docker Desktop should be version 4.9 or higher.
  • You should have the latest version of Go installed; at the time of writing (March 2024), this is 1.21.6.
Reviews
Sep 2024
The course provided a great insight into Cosign and its associated components, to ensure security and traceability.
Jun 2024
The labs and course were very helpful towards understanding how all the components of Sigstore interact and come together to build a secure code supply chain.
Mar 2024
Very good material.
Feb 2024
It was easy to understand.
Feb 2024
Detailed steps to achieve the design/functionality.
Sep 2023
Simple introduction to the topic.
Mar 2023
Clear examples, and brief but clear explanations for the technology involved.
Jan 2023
Very clear and interesting content. Great step-by-step walkthroughs. I also picked up some nice new tools.
Jan 2023
The breakdown of cosign, fulcio, and rekor was really helpful.