Lisa Tagliaferri, John Speed Meyers, and Randall Luis Thornberry Vasquez

Building and distributing software that is secure throughout its entire lifecycle can be challenging, leaving many projects unprepared to build securely by default. Attacks and vulnerabilities can emerge at any step of the chain, from writing to packaging and distributing software to end users. Sigstore is one of several innovative technologies that have emerged to improve the integrity of the software supply chain, reducing the friction developers face in implementing security within their daily work.


This course is designed with end users of Sigstore tooling in mind: software developers, DevOps engineers, security engineers, software maintainers, and related roles. To get the most out of this course, you will need to be familiar with Linux terminals and command line tools. You will also need intermediate knowledge of cloud computing and DevOps concepts, such as using and building containers and CI/CD systems like GitHub Actions.

This course will introduce you to Cosign, Fulcio, Rekor, and the Policy Controller, the tools under the Sigstore umbrella, explaining how they support a more secure software supply chain. You will learn how to employ these tools throughout your software development, testing, and distribution processes. Additionally, those who use or implement your software will be able to verify its authenticity through tamper-resistant public logs.

Upon completing this course, you will be able to inform your organization’s security strategy and build software more securely by default.

What's inside

Learning objectives

  • Describe the components of Sigstore and how they support a more secure software supply chain.
  • Sign and verify software artifacts with Sigstore.
  • Understand how to implement Sigstore within the software development lifecycle.

Syllabus

Welcome
1. Introducing Sigstore
2. Cosign: Signing and Verifying Containers and Artifacts
3. Fulcio: The Trusted Digital Certificate Authority
4. Rekor: The Immutable and Secure Transparency Log
5. Policy Controller: The Kubernetes Cluster Gatekeeper
6. Getting Involved with the Sigstore Community
Final Exam (verified track only)

Good to know

Know what's good, what to watch for, and possible dealbreakers
Teaches about industry standard software and tools
Covers the essentials for secure software creation
Designed for those with existing knowledge and experience in building and distributing software
Requires intermediate knowledge of cloud computing and DevOps concepts
Develops skills for maintaining secure software supply chains
Involves multiple tools to sign and verify signatures


Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Securing Your Software Supply Chain with Sigstore with these activities:
Review Cloud Computing and DevOps Concepts
Refreshing your knowledge of cloud computing and DevOps concepts will help you better understand the context of Sigstore.
  • Review textbooks or online resources on cloud computing
  • Review textbooks or online resources on DevOps
  • Complete practice exercises or quizzes
Read 'Building Secure Software: How to Avoid Security Problems the Right Way'
This book provides valuable insights into software security best practices that complement the concepts covered in this course.
  • Read chapters on secure software development principles
  • Review examples of common security vulnerabilities
  • Apply the principles to your own software development projects
Attend a Sigstore Workshop
Attending a Sigstore workshop provides hands-on experience and insights from experts.
  • Find a Sigstore workshop that aligns with your interests
  • Register for the workshop
  • Attend the workshop
  • Participate in hands-on exercises and discussions
Complete Sigstore Academy Tutorials
The Sigstore Academy tutorials offer interactive learning experiences that reinforce the concepts covered in this course.
  • Browse the Sigstore Academy tutorials
  • Select a tutorial that aligns with your interests
  • Follow the tutorial instructions
Practice Signing and Verifying Artifacts
Practice signing and verifying containers and artifacts to solidify your understanding of Cosign.
  • Set up a local development environment
  • Sign a container image using Cosign
  • Verify the signature of a container image using Cosign
Experiment with Rekor and Fulcio
Experimenting with Rekor and Fulcio will give you practical experience with these tools.
  • Set up a local development environment
  • Create a Fulcio certificate
  • Use Rekor to log a hash
  • Verify the log entry using Rekor
Write a Blog Post on Sigstore Concepts
Writing a blog post helps you synthesize your knowledge of Sigstore concepts and share it with others.
  • Research Sigstore and its components
  • Outline your blog post structure
  • Write the content for each section
  • Edit and proofread your blog post
  • Publish your blog post
Contribute to the Sigstore Community
Contributing to the Sigstore community allows you to give back and gain experience working on real-world projects.
  • Find a project or issue to contribute to
  • Read the project's documentation
  • Make a code contribution
  • Submit a pull request

Career center

Learners who complete Securing Your Software Supply Chain with Sigstore will develop knowledge and skills that may be useful to these careers:
Security Engineer
Security Engineers develop and implement security procedures and protocols for organizations. A career as a Security Engineer may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course can be helpful as it covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Chief Information Security Officer (CISO)
Chief Information Security Officers (CISOs) are responsible for overseeing the security of an organization's information systems. A career as a CISO may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Software Developer
Software Developers build and maintain computer programs. It is a career that allows one to build software applications as well as work on design implementation. A career as a Software Developer may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course can be helpful as it covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Security Architect
Security Architects design and implement security measures for an organization's computer systems. A career as a Security Architect may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Software Engineer
Software Engineers are responsible for the design, development, and maintenance of software applications. A career as a Software Engineer may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course can be helpful as it covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Penetration Tester
Penetration Testers are responsible for identifying security vulnerabilities in computer systems. A career as a Penetration Tester may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Information Security Analyst
Information Security Analysts are responsible for protecting computer systems from security breaches. A career as an Information Security Analyst may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Security Consultant
Security Consultants provide advice and guidance on security matters to organizations. A career as a Security Consultant may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
DevOps Engineer
DevOps Engineers work in a cross-functional capacity ensuring that software is built, tested, and released efficiently. A career as a DevOps Engineer may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course can be helpful as it covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Software Architect
A Software Architect's job is to create and design the software for a company or client. It also involves overseeing software development projects. A career as a Software Architect may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course can be helpful for working with the development of cloud as well as developing and implementing security protocol throughout the software supply chain.
Cloud Engineer
Cloud Engineers are responsible for managing cloud computing systems and services for a company or client. A career as a Cloud Engineer may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Systems Engineer
Systems Engineers oversee and manage complex computer systems. It typically involves being responsible for multiple projects at once. A career as a Systems Engineer may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Chief Technology Officer (CTO)
Chief Technology Officers (CTOs) are responsible for overseeing the technology strategy of an organization. A career as a CTO may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course may be useful as it provides knowledge on maintaining and developing security protocol.
Network Engineer
Network Engineers are in charge of designing, implementing, and managing computer networks for a company or client. A career as a Network Engineer may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course may be useful as some of the topics covered involve cloud computing.
Database Administrator
Database Administrators maintain and ensure the performance of company or client databases. A career as a Database Administrator may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course may be useful as some of the topics covered involve cloud computing.

Reading list

We've selected six books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Securing Your Software Supply Chain with Sigstore.
A comprehensive guide to DevOps, covering the principles, practices, and tools for building high-performing DevOps teams.
A practical guide to secure coding, covering common vulnerabilities and how to avoid them.
A detailed guide to Site Reliability Engineering (SRE) practices at Google, focusing on building and operating reliable software systems.
A fictional story that illustrates the principles and practices of DevOps, focusing on the importance of collaboration and organizational culture.
A guide to building successful startups using the lean methodology, emphasizing the importance of customer feedback and iterative development.

