Lightning Talk Intermediate Apache-2.0 license

Securing Trust Across Open Source Dependencies

Approved
Session Description

In this talk, I will talk about Sigstore, an open-source project focused on simplifying software signing and verification for developers. Software can depend on open-source packages, containers, and third-party dependencies. But how do developers verify whether a package or release actually comes from a trusted source? In this discussion we will cover what Sigstore is, the components of Sigstore, and how to implement it in our projects.

Key Takeaways
  • Why software signing matters
  • What Sigstore does
  • Understanding of transparency logs and identity verification

Session Categories

Technology / FOSS licenses, policy
Talk License: Apache-2.0 license
