Zero Trust Supply Chains with Project Sigstore and SPIFFE
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Explore the concept of zero trust supply chains in this conference talk presented by Andres Vega and Jake Sanders. Delve into the importance of verifying every claim in the software supply chain process, rather than inherently trusting build systems. Learn how the combination of cryptographically verifiable identities and transparency logs offers a novel approach to enhance the security of release artifacts. Discover the toolkit provided by Project Sigstore for publishing verifiable provenance about publicly distributed artifacts. Understand the roles of Sigstore Binary Transparency Log (Rekor), Keyless Signatures (Cosign), and Sigstore Certificate Authority (Fulcio) in storing, signing, and verifying metadata. Explore how SPIFFE's reference implementation SPIRE supports cryptographic operations rooted in a strongly attested universal identity control plane. Witness a demonstration of applying zero trust supply chain architecture to build systems using Sigstore and SPIRE, with TektonCD as the example build system and in-toto as the provenance format. Gain insights into creating a Federated, Verifiable, Zero-Trust Supply Chain to ensure the trustworthiness of your software development process.
Syllabus
Zero Trust Supply Chains with Project Sigstore and SPIFFE - Andres Vega & Jake Sanders
Taught by
CNCF [Cloud Native Computing Foundation]