Future-Proof Your Career: AI Manager Masterclass
AI, Data Science & Cloud Certificates from Google, IBM & Meta
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Learn to sign and verify multi-architecture containers using Sigstore in this conference talk that demystifies container resolution and security practices. Explore the mechanics behind multi-architecture containers, understanding why `docker pull python:3` retrieves only one architecture and how to verify signed containers across different architectures. Discover the intricacies of OCI manifests, image layers, and tags, and their relationship to annotations including SBOMs, attestations, and signatures. Master strategies for generating and verifying container signatures with Cosign regardless of target architecture, while navigating real-world challenges in managing multi-arch images at scale. Gain insights into unexpected behaviors of registries and pull-through caches, and build foundational knowledge for implementing robust software supply chain security practices in containerized environments.
Syllabus
Signing and Verifying Multi-architecture Containers With Sigstore - Natalie Somersall, Chainguard
Taught by
OpenSSF