Securing Software Supply Chain with Sigstore

Sigstore toolkit enables automated software supply chain security through digital signing and verification of releases and containers.

Discover how to build and maintain secure software throughout its lifecycle with Sigstore. This course teaches developers and DevOps professionals how to implement security measures using the Sigstore toolkit. Learn about key components like Cosign, Fulcio, Rekor, and Policy Controller while mastering techniques for signing and verifying software artifacts. Gain practical experience in integrating Sigstore tools into your development workflow, enabling tamper-resistant verification through public logs. Perfect for those looking to enhance their software security practices and implement secure-by-default principles.

English

This course includes

7 weeks of self-paced video lessons

Beginner Level

Completion Certificate awarded on course completion

16,070

What you'll learn

  • Understand the core components of Sigstore and their role in software supply chain security

  • Implement automated signing and verification for software artifacts

  • Master the use of Cosign for container and artifact security

  • Utilize Fulcio for managing digital certificates

  • Work with Rekor for maintaining secure transparency logs

  • Deploy Policy Controller in Kubernetes environments

Skills you'll gain

Software Security
Supply Chain Security
Sigstore
DevOps
Container Security
Digital Certificates
Kubernetes
CI/CD
Cloud Computing
Open Source

This course includes:

Prerecorded video

Graded assignments, exams

Access on Mobile, Tablet, Desktop

Limited Access

Shareable certificate

Closed caption

Get a Completion Certificate

Share your certificate with prospective employers and your professional network on LinkedIn.

Top companies offer this course to their employees

Top companies provide this course to enhance their employees' skills, ensuring they excel in handling complex projects and drive organizational success.

There are 7 modules in this course

This comprehensive course covers software supply chain security using Sigstore. Students learn about the core components of Sigstore including Cosign for signing and verifying containers, Fulcio for digital certificate management, Rekor for transparency logging, and Policy Controller for Kubernetes security. The curriculum combines theoretical understanding with practical implementation, focusing on real-world applications in modern software development environments. Participants gain hands-on experience with security tools while learning best practices for maintaining software integrity throughout the development lifecycle.

  • Module 1: Introducing Sigstore

  • Module 2: Cosign: Signing and Verifying Containers and Artifacts

  • Module 3: Fulcio: The Trusted Digital Certificate Authority

  • Module 4: Rekor: The Immutable and Secure Transparency Log

  • Module 5: Policy Controller: The Kubernetes Cluster Gatekeeper

  • Module 6: Getting Involved with the Sigstore Community

  • Module 7: Final Exam

Fee Structure

Instructors

Expert in Developer Education and Open Source Technologies

Lisa Tagliaferri is the Head of Developer Education at Chainguard, where she leads initiatives to make secure software development practices more accessible. With over 45 million global readers, her open access books and tutorials on Python, Kubernetes, and machine learning have significantly impacted the developer community. Tagliaferri's expertise spans both technology and humanities, holding a PhD from the City University of New York and an MSc from the University of London. Her academic background includes postdoctoral positions at MIT and Harvard University's Villa I Tatti, as well as teaching experience in computer sciences and digital humanities at the undergraduate and graduate levels. At Chainguard, she focuses on developing resources to integrate security seamlessly into the software lifecycle. Tagliaferri is also a Visiting Scholar at Rutgers University, where she teaches a graduate seminar on Digital Humanities. Her interdisciplinary approach bridges technical expertise with a deep understanding of learning methodologies, making her a leading voice in developer education and open source technologies.

Leading Expert in Software Supply Chain Security and Open Source Research

John Speed Meyers is the Head of Chainguard Labs at Chainguard, where he leads research initiatives focused on open source software security, software supply chain security, and container security. His career spans influential roles across research and policy, including positions at IQT Labs, RAND Corporation, and the Center for Strategic and Budgetary Assessments. Meyers has made significant contributions to understanding software supply chain attacks and security, co-authoring influential research on measuring attack frequencies and analyzing open source software components in modern applications. His work suggests that up to 99% of smaller software applications consist of open source code, highlighting the critical importance of supply chain security. As a nonresident senior fellow with the Atlantic Council's Cyber Statecraft Initiative, Meyers contributes to broader policy discussions on cybersecurity. His academic credentials include a PhD in policy analysis from the Pardee RAND Graduate School, a Master of Public Affairs from Princeton's School of Public and International Affairs, and a BA in international relations from Tufts University. Through his research and advocacy, Meyers continues to shape industry understanding of software supply chain security, particularly through his work on frameworks like SBOM (Software Bill of Materials) and his analysis of major security incidents such as Log4Shell and XZ Utils.

Testimonials

Testimonials and success stories are a testament to the quality of this program and its impact on your career and learning journey. Be the first to help others make an informed decision by sharing your review of the course.

Frequently asked questions

Below are some of the most commonly asked questions about this course. We aim to provide clear and concise answers to help you better understand the course content, structure, and any other relevant information. If you have any additional questions or if your question is not listed here, please don't hesitate to reach out to our support team for further assistance.