Featured » Videos » ⚡️ Enlightning - Signed, Sealed, Delivered, I’m Yours! An Introduction to Sigstore

× Share this Video

Facebook
Twitter
Email
LinkedIn

⚡️ Enlightning - Signed, Sealed, Delivered, I’m Yours! An Introduction to Sigstore

November 4, 2022

Share this Video
Facebook
Twitter
Email
LinkedIn

with guests Lewis Denham-Parry & Zack Newman How do you know that the software you're running on your laptop or in production is actually the software you think you're running? Attackers may try to modify source code or compiled binaries/containers as they move about the internet and your network. We can check the authenticity of software and other digital artifacts with digital signatures. But, in practice, almost nobody does! Today, we'll see why not, and what the Sigstore project is doing to fix that. We'll explore digital signatures, losing your Yubikey on the street, why the price of security for OSS projects should be zero, how you achieve more security by promising less, and why software signatures need "sunshine laws," all in the context of the Sigstore project and its constituent components Fulcio, Rekor, and Cosign. You'll learn how the OSS ecosystem is getting more secure every day and how you can apply the same tools and principles.

A Paved Path to Production on Kubernetes

Customers are looking forward to getting a new feature in our application. Developers implemented it and pu...

Next Video

What’s New in Spring Cloud AWS 3.0?

In the past year, Spring Cloud AWS has gone through a major refactoring, in many places even a complete rew...

⚡️ Enlightning - Signed, Sealed, Delivered, I’m Yours! An Introduction to Sigstore

Previous

Next Video

Related content in this Stream

Spring Data JDBC has recently been enhanced with improved writing strategies to offer long-awaited support for batch operations. These updates deliver significant performance improvements to nearly al

Unlock developer productivity and user experience with a Kubernetes abstraction layer that enables faster, more secure app design, development, and delivery.

We talk about getting PCI compliance into Kubernetes, and other security think in the cloud native world. Securing Tanzu Application Service and Tanzu Application Platform.

With modern applications spanning from edge to any and all clouds to support data collection, real-time streaming, sensor ingest, edge computing, IoT use cases and edge AI, we need to be able to run o

This week, @thecote and @BenWilcockBen talk about using AI for software development, and general text use. They check in on Kubernetes usability for application developers, and give their takes on the

The software industrial revolution has arrived. Software is now 80% open source and third-party and 20% proprietary code that stitches it together into business-critical applications. We are challenge

See how Tanzu for Kubernetes Operations provides a simplified, consistent approach to container deployment, scaling, and management with tools, automation, and data-driven insights. Check out the Bus

Sasquatch. Yeti. The Loch Ness Monster. The 10x Developer. You may think of these as mythical creatures that can’t possibly exist, but the 10x Organization is very real. In this session, Gradle’s Just

Please join Nate Schutta and guest Sébastien Deleuze. Sébastien is a Spring Framework core committer at VMware, where he led the introduction of Kotlin and GraalVM native support. He is a WebAssembly

Kyverno is a policy engine designed for Kubernetes that allows you to write policy just like you would any other Kubernetes resource - meaning no code! Kyverno allows you to validate and mutate resour

Follow along as we deploy the ArgoCD Bitnami Helm chart to a Kubernetes cluster(s), using the friendly GUI in VMware Tanzu Mission Control. No CLI required. 😎 The following steps are covered in this

Contour, a CNCF incubating project, is a high-performance ingress and load balancer solution for Kubernetes. Contour supports Kubernetes Ingress, its own HTTPProxy CRD, and also implements Gateway API

Java Records (a language feature finalized in Java 16) give us a language level technique to work with "carriers for immutable data". Though simple enough to describe initially, there are edges to avo

ingress-nginx is an Ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer. It's not the NGINX inc controller... confusing, right? In this session we will discuss how the

Java Records (a language feature finalized in Java 16) give us a language level technique to work with ""carriers for immutable data"". Though simple enough to describe initially, there are edges to a

You've heard of policies, and you know they're important, but you've also heard it's hard so you don't know where to start. Today we're going to discuss Open Policy Agent (OPA), the general-purpose po

We discuss the recent Platform Maturity Model white paper draft with Abby Bangser.

Applications have relied on contextual data that is outside of core business logic for a long time to provide vital insight into what the application is doing. Traditionally, Java applications built o

With the increasing efforts towards securing our supply chain, there have been a lot of measures to help protect our workloads against known vulnerabilities. But there will always be unknown vulnerabi

In this webinar, leaders from VMware, Garmin, Great American Insurance Group, and Kin + Carta will have a conversation about how they use metrics to streamline DevSecOps, improve their developer exper