Sigstore | Sign Your Startup's Software SBOM!
Sigstore is an open-source project that aims to improve software supply chain security by letting software developers and users sign and verify software artifacts, SBOMs included. Instead of a long-lived private key, each signing operation uses a short-lived, single-use key pair, so there is no key to store, rotate, or lose. Every signing event is recorded in a tamper-resistant public transparency log, which lets anyone audit what was signed, by whom, and when. Sigstore addresses the weaknesses of traditional artifact signing by moving from a key-based approach to an identity-based one: the signer authenticates with an existing OpenID Connect identity (for example a GitHub or Google account), a certificate authority issues a short-lived certificate binding that identity to the ephemeral key, and the signature, certificate, and log entry together are what a verifier checks. This makes the process both more convenient and more secure. The project is supported by the Open Source Security Foundation (OpenSSF) under the Linux Foundation.
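The flow described above, as an added example that is not Sigstore's own code: a self-contained Go program (Go because cosign, Fulcio and Rekor are written in Go) that models keyless signing of an SBOM end to end. It generates a throwaway ECDSA key, signs a constructed sample SBOM, lets the private key go out of scope, appends the entry to an in-memory Merkle log hashed the RFC 6962 way that Rekor's tree uses, and then runs the three checks a verifier makes: expected signer identity, signature over the exact artifact, and an inclusion proof against the log root. The identity string, the `|`-joined entry encoding, the in-memory `Log`, the e-mail addresses and the sample SBOM are all assumptions for illustration; real Sigstore carries the identity in a Fulcio-issued certificate and records entries in the public Rekor instance.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Constructed sample SBOM for the walkthrough; not a real artifact.
const sampleSBOM = `{"bomFormat":"CycloneDX","specVersion":"1.5","components":[{"name":"example-lib","version":"1.2.3"}]}`

// Entry is what the log records; Bytes is the encoding that gets hashed into it.
// Real Sigstore binds the identity with a short-lived Fulcio certificate rather than a
// bare string, and Rekor has its own entry formats; both are stand-ins here.
type Entry struct {
	Digest   [32]byte
	Sig      []byte
	Pub      *ecdsa.PublicKey
	Identity string
}

func (e Entry) Bytes() []byte {
	return []byte(fmt.Sprintf("%x|%x|%x|%x|%s", e.Digest, e.Sig, e.Pub.X, e.Pub.Y, e.Identity))
}

// SignOnce generates a fresh P-256 key, signs the artifact digest and returns only
// public material; the private key goes out of scope, so there is nothing to manage.
func SignOnce(artifact []byte, identity string) (Entry, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return Entry{}, err }
	digest := sha256.Sum256(artifact)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	return Entry{Digest: digest, Sig: sig, Pub: &priv.PublicKey, Identity: identity}, err
}

// Hashing follows RFC 6962 domain separation, as Rekor's Merkle tree does; split is the
// RFC 6962 split point (largest power of two strictly below n).
func leafHash(d []byte) [32]byte      { return sha256.Sum256(append([]byte{0}, d...)) }
func nodeHash(l, r [32]byte) [32]byte { return sha256.Sum256(append(append([]byte{1}, l[:]...), r[:]...)) }
func split(n int) int                 { k := 1; for k*2 < n { k *= 2 }; return k }

// rootOf is the Merkle tree hash of a leaf list; proofFor is the sibling path from leaf i
// up to the root, which is what a log hands back as an inclusion proof.
func rootOf(l [][32]byte) [32]byte {
	if len(l) == 0 { return sha256.Sum256(nil) }
	if len(l) == 1 { return l[0] }
	k := split(len(l))
	return nodeHash(rootOf(l[:k]), rootOf(l[k:]))
}
func proofFor(l [][32]byte, i int) [][32]byte {
	if len(l) <= 1 { return nil }
	k := split(len(l))
	if i < k { return append(proofFor(l[:k], i), rootOf(l[k:])) }
	return append(proofFor(l[k:], i-k), rootOf(l[:k]))
}

// Log is an in-memory, append-only list of leaf hashes standing in for Rekor.
type Log struct{ leaves [][32]byte }

func (g *Log) Append(e Entry) (index, size int) {
	g.leaves = append(g.leaves, leafHash(e.Bytes()))
	return len(g.leaves) - 1, len(g.leaves)
}
func (g *Log) Root() [32]byte         { return rootOf(g.leaves) }
func (g *Log) Proof(i int) [][32]byte { return proofFor(g.leaves, i) }

// VerifyInclusion is the RFC 9162 inclusion check: rebuild the root from leaf and path.
func VerifyInclusion(leaf [32]byte, index, size int, path [][32]byte, root [32]byte) bool {
	if index >= size { return false }
	fn, sn, r := index, size-1, leaf
	for _, p := range path {
		if sn == 0 { return false }
		if fn&1 == 1 || fn == sn {
			r = nodeHash(p, r)
			for fn&1 == 0 && fn != 0 { fn, sn = fn>>1, sn>>1 }
		} else {
			r = nodeHash(r, p)
		}
		fn, sn = fn>>1, sn>>1
	}
	return sn == 0 && r == root
}

// VerifyEntry applies the checks a Sigstore verifier makes: expected signer identity,
// signature over this exact artifact, and inclusion of the entry in the log.
func VerifyEntry(artifact []byte, e Entry, wantIdentity string, root [32]byte, size, index int, path [][32]byte) error {
	if e.Identity != wantIdentity { return fmt.Errorf("signer is %q, expected %q", e.Identity, wantIdentity) }
	digest := sha256.Sum256(artifact)
	if !ecdsa.VerifyASN1(e.Pub, digest[:], e.Sig) { return fmt.Errorf("signature does not cover this artifact") }
	if !VerifyInclusion(leafHash(e.Bytes()), index, size, path, root) { return fmt.Errorf("entry not in log at this root") }
	return nil
}

func main() {
	lg := &Log{}
	filler, _ := SignOnce([]byte("unrelated artifact"), "ci@other.example") // constructed earlier entry
	lg.Append(filler)
	entry, err := SignOnce([]byte(sampleSBOM), "release@startup.example")
	if err != nil { panic(err) }
	index, size := lg.Append(entry)
	root, path := lg.Root(), lg.Proof(index)
	fmt.Println("genuine:", VerifyEntry([]byte(sampleSBOM), entry, "release@startup.example", root, size, index, path))
	fmt.Println("tampered:", VerifyEntry([]byte(sampleSBOM+"\n"), entry, "release@startup.example", root, size, index, path))
	fmt.Println("wrong signer:", VerifyEntry([]byte(sampleSBOM), entry, "someone@else.example", root, size, index, path))
}
```

Run it with `go run` to see the genuine SBOM pass and the tampered copy and the wrong signer fail. The point of the three checks is that none of them needs a key from the verifier's side: the public key travels with the entry, the identity is what you pin, and the inclusion proof ties the entry to a log root you can compare against what others observed. With the real tooling the same policy is expressed as `cosign verify-blob` with `--certificate-identity` and `--certificate-oidc-issuer`, which is the identity check above done against the Fulcio certificate.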
Podcast:
https://kabir.buzzsprout.com
YouTube:
https://www.youtube.com/@kabirtechdives
Please subscribe and share.