Overview
Learn to sign and verify multi-architecture containers using Sigstore in this conference talk that demystifies container resolution and security practices. Explore the mechanics behind multi-architecture containers, understanding why `docker pull python:3` retrieves only one architecture and how to verify signed containers across different architectures. Discover the intricacies of OCI manifests, image layers, and tags, and their relationship to annotations including SBOMs, attestations, and signatures. Master strategies for generating and verifying container signatures with Cosign regardless of target architecture, while navigating real-world challenges in managing multi-arch images at scale. Gain insights into unexpected behaviors of registries and pull-through caches, and build foundational knowledge for implementing robust software supply chain security practices in containerized environments.
Syllabus
Signing and Verifying Multi-architecture Containers With Sigstore - Natalie Somersall, Chainguard
Taught by
OpenSSF