We may earn an affiliate commission when you visit our partners.
Lisa Tagliaferri,
John Speed Meyers,
and
Randall Luis Thornberry Vasquez
Building and distributing software that is secure throughout its entire lifecycle can be challenging, leaving many projects unprepared to build securely by default. Attacks and vulnerabilities can emerge at any step of the chain, from writing to packaging and distributing software to end users. Sigstore is one of several innovative technologies that have emerged to improve the integrity of the software supply chain, reducing the friction developers face in implementing security within their daily work.
Read more
Building and distributing software that is secure throughout its entire lifecycle can be challenging, leaving many projects unprepared to build securely by default. Attacks and vulnerabilities can emerge at any step of the chain, from writing to packaging and distributing software to end users. Sigstore is one of several innovative technologies that have emerged to improve the integrity of the software supply chain, reducing the friction developers face in implementing security within their daily work.
Read more
Building and distributing software that is secure throughout its entire lifecycle can be challenging, leaving many projects unprepared to build securely by default. Attacks and vulnerabilities can emerge at any step of the chain, from writing to packaging and distributing software to end users. Sigstore is one of several innovative technologies that have emerged to improve the integrity of the software supply chain, reducing the friction developers face in implementing security within their daily work.
This course is designed with end users of Sigstore tooling in mind: software developers, DevOps engineers, security engineers, software maintainers, and related roles. To make the best of this course, you will need to be familiar with Linux terminals and using command line tools. You will also need to have intermediate knowledge of cloud computing and DevOps concepts, such as using and building containers and CI/CD systems like GitHub actions.
This course will introduce you to Cosign, Fulcio, Rekor, and the Policy Controller, the tools under the Sigstore umbrella, explaining how they support a more secure software supply chain. You will learn how to employ these tools throughout your software development, testing, and distribution processes. Additionally, those who use or implement your software will be able to verify its authenticity through tamper-resistant public logs.
Upon completing this course, you will be able to inform your organization’s security strategy and build software more securely by default.
Register for this course and see more details by visiting:
OpenCourser.com/course/xntr3t/securing
Two deals to help you save
We found two deals and offers that may be relevant to this course.
Save money when you learn.
All coupon codes, vouchers, and discounts are applied automatically unless otherwise noted.
Ended October 28
Success starts within
Accelerate your journey toward personal and professional growth with savings on all programs.
Take
30%
off
Valid for a limited time only
Future-proof your career
Access O'Reilly books, live events, courses, and more. Save with an annual subscription.
Take
15%
off
What's inside
Learning objectives
- Describe the components of sigstore and how they support a more secure software supply chain.
- Sign and verify software artifacts with sigstore.
- Understand how to implement sigstore within the software development lifecycle.
- Describe the components of sigstore and how they support a more secure software supply chain.
- Sign and verify software artifacts with sigstore.
- Understand how to implement sigstore within the software development lifecycle.
Syllabus
Welcome
1. Introducing Sigstore
2. Cosign: Signing and Verifying Containers and Artifacts
3. Fulcio: The Trusted Digital Certificate Authority
Read more
Syllabus
Welcome
1. Introducing Sigstore
2. Cosign: Signing and Verifying Containers and Artifacts
3. Fulcio: The Trusted Digital Certificate Authority
Read more
4. Rekor: The Immutable and Secure Transparency Log
5. Policy Controller: The Kubernetes Cluster Gatekeeper
6. Getting Involved with the Sigstore Community
Final Exam (verified track only)
Good to know
Good to know
Know what's good ,
what to watch for , and
possible dealbreakers
Teaches about industry standard software and tools
Covers the essentials for secure software creation
Designed for those with existing knowledge and experience in building and distributing software
Requires intermediate knowledge of cloud computing and DevOps concepts
Develops skills for maintaining secure software supply chains
Involves multiple tool sign and verify signatures
Save this course
Save Securing Your Software Supply Chain with Sigstore to your list so you can find it easily later:
Save
Save
Activities
Be better prepared
before
your course. Deepen your understanding
during
and
after
it. Supplement your coursework and achieve mastery of the topics covered
in Securing Your Software Supply Chain with Sigstore with these
activities:
Review Cloud Computing and DevOps Concepts
Show steps
Refreshing your knowledge of cloud computing and DevOps concepts will help you better understand the context of Sigstore.
Browse courses on
Cloud Computing
Show steps
-
Review textbooks or online resources on cloud computing
-
Review textbooks or online resources on DevOps
-
Complete practice exercises or quizzes
Read 'Building Secure Software: How to Avoid Security Problems the Right Way'
Show steps
This book provides valuable insights into software security best practices that complement the concepts covered in this course.
View
Building Secure Software: How to Avoid Security...
on Amazon
Show steps
-
Read chapters on secure software development principles
-
Review examples of common security vulnerabilities
-
Apply the principles to your own software development projects
Attend a Sigstore Workshop
Show steps
Attending a Sigstore workshop provides hands-on experience and insights from experts.
Browse courses on
Software Supply Chain Security
Show steps
-
Find a Sigstore workshop that aligns with your interests
-
Register for the workshop
-
Attend the workshop
-
Participate in hands-on exercises and discussions
Five other activities
Expand to see all activities and additional details
Show all eight activities
Complete Sigstore Academy Tutorials
Show steps
The Sigstore Academy tutorials offer interactive learning experiences that reinforce the concepts covered in this course.
Browse courses on
Software Supply Chain Security
Show steps
-
Browse the Sigstore Academy tutorials
-
Select a tutorial that aligns with your interests
-
Follow the tutorial instructions
Practice Signing and Verifying Artifacts
Show steps
Practice signing and verifying containers and artifacts to solidify your understanding of Cosign.
Show steps
-
Set up a local development environment
-
Sign a container image using Cosign
-
Verify the signature of a container image using Cosign
Experiment with Rekor and Fulcio
Show steps
Experimenting with Rekor and Fulcio will give you practical experience with these tools.
Show steps
-
Set up a local development environment
-
Create a Fulcio certificate
-
Use Rekor to log a hash
-
Verify the log entry using Rekor
Write a Blog Post on Sigstore Concepts
Show steps
Writing a blog post helps you synthesize your knowledge of Sigstore concepts and share it with others.
Browse courses on
Software Supply Chain Security
Show steps
-
Research Sigstore and its components
-
Outline your blog post structure
-
Write the content for each section
-
Edit and proofread your blog post
-
Publish your blog post
Contribute to the Sigstore Community
Show steps
Contributing to the Sigstore community allows you to give back and gain experience working on real-world projects.
Browse courses on
Software Development
Show steps
-
Find a project or issue to contribute to
-
Read the project's documentation
-
Make a code contribution
-
Submit a pull request
Review Cloud Computing and DevOps Concepts
Show steps
Refreshing your knowledge of cloud computing and DevOps concepts will help you better understand the context of Sigstore.
Browse courses on
Cloud Computing
Show steps
Show steps
Show steps
- Review textbooks or online resources on cloud computing
- Review textbooks or online resources on DevOps
- Complete practice exercises or quizzes
Read 'Building Secure Software: How to Avoid Security Problems the Right Way'
Show steps
This book provides valuable insights into software security best practices that complement the concepts covered in this course.
View
Building Secure Software: How to Avoid Security...
on Amazon
Show steps
Show steps
Show steps
- Read chapters on secure software development principles
- Review examples of common security vulnerabilities
- Apply the principles to your own software development projects
Attend a Sigstore Workshop
Show steps
Attending a Sigstore workshop provides hands-on experience and insights from experts.
Browse courses on
Software Supply Chain Security
Show steps
Show steps
Show steps
- Find a Sigstore workshop that aligns with your interests
- Register for the workshop
- Attend the workshop
- Participate in hands-on exercises and discussions
Five other activities
Expand to see all activities and additional details
Show all eight activities
Complete Sigstore Academy Tutorials
Show steps
The Sigstore Academy tutorials offer interactive learning experiences that reinforce the concepts covered in this course.
Browse courses on
Software Supply Chain Security
Show steps
Show steps
Show steps
- Browse the Sigstore Academy tutorials
- Select a tutorial that aligns with your interests
- Follow the tutorial instructions
Practice Signing and Verifying Artifacts
Show steps
Practice signing and verifying containers and artifacts to solidify your understanding of Cosign.
Show steps
Show steps
Show steps
- Set up a local development environment
- Sign a container image using Cosign
- Verify the signature of a container image using Cosign
Experiment with Rekor and Fulcio
Show steps
Experimenting with Rekor and Fulcio will give you practical experience with these tools.
Show steps
Show steps
Show steps
- Set up a local development environment
- Create a Fulcio certificate
- Use Rekor to log a hash
- Verify the log entry using Rekor
Write a Blog Post on Sigstore Concepts
Show steps
Writing a blog post helps you synthesize your knowledge of Sigstore concepts and share it with others.
Browse courses on
Software Supply Chain Security
Show steps
Show steps
Show steps
- Research Sigstore and its components
- Outline your blog post structure
- Write the content for each section
- Edit and proofread your blog post
- Publish your blog post
Contribute to the Sigstore Community
Show steps
Contributing to the Sigstore community allows you to give back and gain experience working on real-world projects.
Browse courses on
Software Development
Show steps
Show steps
Show steps
- Find a project or issue to contribute to
- Read the project's documentation
- Make a code contribution
- Submit a pull request
Career center
Learners who complete Securing Your Software Supply Chain with Sigstore will develop knowledge and skills
that may be useful to these careers:
Security Engineer
Security Engineer
Security Engineers develop and implement security procedures and protocols for organizations. A career as a Security Engineer may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course can be helpful as it covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Chief Information Security Officer (CISO)
Chief Information Security Officer (CISO)
Chief Information Security Officers (CISOs) are responsible for overseeing the security of an organization's information systems. A career as a CISO may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Software Developer
Software Developer
Software Developers build and maintain computer programs. It is a career that allows one to build software applications as well as work on design implementation. A career as a Software Developer may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course can be helpful as it covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Security Architect
Security Architect
Security Architects design and implement security measures for an organization's computer systems. A career as a Security Architect may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Software Engineer
Software Engineer
Software engineers are responsible for the design, developing, and maintenance of software applications. A career as a Software Engineer may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course can be helpful as it covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Penetration Tester
Penetration Tester
Penetration Testers are responsible for identifying security vulnerabilities in computer systems. A career as a Penetration Tester may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Information Security Analyst
Information Security Analyst
Information Security Analysts are responsible for protecting computer systems from security breaches. A career as an Information Security Analyst may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Security Consultant
Security Consultant
Security Consultants provide advice and guidance on security matters to organizations. A career as a Security Consultant may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
DevOps Engineer
DevOps Engineer
DevOps Engineers work in a cross-functional capacity ensuring that software is built, tested, and released efficiently. A career as a DevOps Engineer may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course can be helpful as it covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Software Architect
Software Architect
A Software Architect's job is to create and design the software for a company or client. It also involves overseeing software development projects. A career as a Software Architect may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course can be helpful for working with the development of cloud as well as developing and implementing security protocol throughout the software supply chain.
Cloud Engineer
Cloud Engineer
Cloud Engineers are responsible for managing cloud computing systems and services for a company or client. A career as a Cloud Engineer may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Systems Engineer
Systems Engineer
Systems Engineers oversee and manage complex computer systems. It typically involves being responsible for multiple projects at once. A career as a Systems Engineer may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course covers key learnings involved with developing and implementing security protocol throughout the software supply chain.
Chief Technology Officer (CTO)
Chief Technology Officer (CTO)
Chief Technology Officers (CTOs) are responsible for overseeing the technology strategy of an organization. A career as a CTO may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course may be useful as it provides knowledge on maintaining and developing security protocol.
Network Engineer
Network Engineer
Network Engineers are in charge of designing, implementing, and managing computer networks for a company or client. A career as a Network Engineer may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course may be useful as some of the topics covered involve cloud computing.
Database Administrator
Database Administrator
Database Administrators maintain and ensure the performance of company or client databases. A career as a Database Administrator may be of interest to students who enroll in the course "Securing Your Software Supply Chain with Sigstore." This course may be useful as some of the topics covered involve cloud computing.
For more career information including salaries, visit:
OpenCourser.com/course/xntr3t/securing
Reading list
We've selected six books
that we think will supplement your
learning. Use these to
develop background knowledge, enrich your coursework, and gain a
deeper understanding of the topics covered in
Securing Your Software Supply Chain with Sigstore.
Save
A comprehensive guide to DevOps, covering the principles, practices, and tools for building high-performing DevOps teams.
A classic text on software security, providing a comprehensive overview of secure development principles and best practices.
Save
A practical guide to secure coding, covering common vulnerabilities and how to avoid them.
A detailed guide to Site Reliability Engineering (SRE) practices at Google, focusing on building and operating reliable software systems.
Save
A fictional story that illustrates the principles and practices of DevOps, focusing on the importance of collaboration and organizational culture.
A guide to building successful startups using the lean methodology, emphasizing the importance of customer feedback and iterative development.
For more information about how these books relate to this course, visit:
OpenCourser.com/course/xntr3t/securing
Share
Similar courses
Here are nine courses similar to
Securing Your Software Supply Chain with Sigstore.
Distributing Excel Workbooks
OpenCourser.com/course/dgatop/distributing
Distributing Excel Workbooks
Most relevant
DevOps with GitHub and Azure: Implementing Software Supply Chain Security with GitHub
OpenCourser.com/course/dp5a8r/devops
DevOps with GitHub and Azure: Implementing Software...
Most relevant
Secure Software Supply Chain for CSSLP®
OpenCourser.com/course/yon0id/secure
Secure Software Supply Chain for CSSLP®
Most relevant
Supply Chain Risk Management with OWASP Dependency-Check
OpenCourser.com/course/vcq6p0/supply
Supply Chain Risk Management with OWASP Dependency-Check
Most relevant
Introduction to DevSecOps on Azure
OpenCourser.com/course/oh9lee/introduction
Introduction to DevSecOps on Azure
Most relevant
Secure Software Development: Requirements, Design, and Reuse
OpenCourser.com/course/fsid42/secure
Secure Software Development: Requirements, Design, and...
Kubernetes Security: Implementing Supply Chain Security
OpenCourser.com/course/mkjaak/kubernetes
Kubernetes Security: Implementing Supply Chain Security
Securing Windows Server 2016 Virtualization
OpenCourser.com/course/leyg3k/securing
Securing Windows Server 2016 Virtualization
Secure Software Development: Verification and More Specialized Topics
OpenCourser.com/course/iu1k9c/secure
Secure Software Development: Verification and More...
Effort
1 to 2 hours per week for 7 weeks
Level
Introductory
Via
edX
Institution
The Linux Foundation
Instructors
Lisa Tagliaferri
John Speed Meyers
Randall Luis Thornberry Vasquez
Session
April 10, 2024
- October 8, 2025
Language
English
Transcript
English
Good to know
Teaches about industry standard software and tools
Covers the essentials for secure software creation
Designed for those with existing knowledge and experience in building and distributing software
Requires intermediate knowledge of cloud computing and DevOps concepts
Develops skills for maintaining secure software supply chains
Involves multiple tool sign and verify signatures
Our mission
OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.
Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.
Find this site helpful? Tell a friend about us.
Affiliate disclosure
We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.
Your purchases help us maintain our catalog and keep our servers humming without ads.
Thank you for supporting OpenCourser.
© 2016 - 2024 OpenCourser