Skip to main contentSkip to Xpert Chatbot

LinuxFoundationX: Securing Your Software Supply Chain with Sigstore

Gain the knowledge and skills necessary to secure the integrity of your software by leveraging the Sigstore toolkit, a free and open source project that offers automated signing and verification across release files, container images, binaries, bill of material manifests, and more.

Securing Your Software Supply Chain with Sigstore
7 weeks
1–2 hours per week
Self-paced
Progress at your own speed
Free
Optional upgrade available

There is one session available:

After a course session ends, it will be archivedOpens in a new tab.
Starts Nov 15
Enroll
Securing Your Software Supply Chain with Sigstore

About this course

Skip About this course

Building and distributing software that is secure throughout its entire lifecycle can be challenging, leaving many projects unprepared to build securely by default. Attacks and vulnerabilities can emerge at any step of the chain, from writing to packaging and distributing software to end users. Sigstore is one of several innovative technologies that have emerged to improve the integrity of the software supply chain, reducing the friction developers face in implementing security within their daily work.

This course is designed with end users of Sigstore tooling in mind: software developers, DevOps engineers, security engineers, software maintainers, and related roles. To make the best of this course, you will need to be familiar with Linux terminals and using command line tools. You will also need to have intermediate knowledge of cloud computing and DevOps concepts, such as using and building containers and CI/CD systems like GitHub actions.

This course will introduce you to Cosign, Fulcio, Rekor, and the Policy Controller, the tools under the Sigstore umbrella, explaining how they support a more secure software supply chain. You will learn how to employ these tools throughout your software development, testing, and distribution processes. Additionally, those who use or implement your software will be able to verify its authenticity through tamper-resistant public logs.

Upon completing this course, you will be able to inform your organization’s security strategy and build software more securely by default.

At a glance

  • Institution: LinuxFoundationX
  • Subject: Computer Science
  • Level: Introductory
  • Prerequisites:
    • Familiarity with using the command line
    • Intermediate knowlegde of cloud computing and DevOps concepts, such as containers, CI/CD systems, GitHub actions, etc.
    • Familiarity with using and building container images
  • Language: English
  • Video Transcript: English
  • Associated skills:Automation, Packaging And Labeling, Command-Line Interface, Bill Of Materials, Security Strategies, Tooling, DevOps, Vulnerability, Innovation, Manifests, Linux, Open Source Technology, Software Development, Cloud Computing, Github, Supply Chain

What you'll learn

Skip What you'll learn

  • Describe the components of Sigstore and how they support a more secure software supply chain.

  • Sign and verify software artifacts with Sigstore.

  • Understand how to implement Sigstore within the software development lifecycle.

Syllabus

Skip Syllabus
  • Welcome
  • 1. Introducing Sigstore
  • 2. Cosign: Signing and Verifying Containers and Artifacts
  • 3. Fulcio: The Trusted Digital Certificate Authority
  • 4. Rekor: The Immutable and Secure Transparency Log
  • 5. Policy Controller: The Kubernetes Cluster Gatekeeper
  • 6. Getting Involved with the Sigstore Community
  • Final Exam (verified track only)

Who can take this course?

Unfortunately, learners residing in one or more of the following countries or regions will not be able to register for this course: Iran, Cuba and the Crimea region of Ukraine. While edX has sought licenses from the U.S. Office of Foreign Assets Control (OFAC) to offer our courses to learners in these countries and regions, the licenses we have received are not broad enough to allow us to offer this course in all locations. edX truly regrets that U.S. sanctions prevent us from offering all of our courses to everyone, no matter where they live.

Ways to take this course

Choose your path when you enroll.

Certificate

Free

Price

$189 USD

-

Access to course materials

Unlimited

Limited

Expires on Jan 3, 2025

World-class institutions and universities

edX support

Shareable certificate upon completion

Graded assignments and exams

Read our FAQsin a new tab about frequently asked questions on these tracks.

Interested in this course for your business or team?

Train your employees in the most in-demand topics, with edX For Business.