Securing your Software Supply chain with Sigstore Training Logo

Securing your Software Supply chain with Sigstore Training

Live Online & Classroom Enterprise Training

This course introduces Sigstore, an open-source solution for signing, verifying, and protecting software artifacts. Learners will understand how Sigstore helps secure modern software supply chains by providing transparency, integrity, and trust without managing long-lived secrets.

Looking for a private batch ?

REQUEST A CALLBACK

Need help finding the right training?

Your Message

  • Enterprise Reporting

  • Lifetime Access

  • CloudLabs

  • 24x7 Support

  • Real-time code analysis and feedback

What is Securing your Software Supply chain with Sigstore Training about?

Modern software supply chains are increasingly complex and vulnerable to attacks. This course provides a practical overview of software supply chain security challenges and demonstrates how Sigstore enables cryptographic signing, verification, and transparency for software artifacts. Learners will explore how Sigstore integrates into CI/CD pipelines and cloud-native environments to reduce risks and improve trust in delivered software.

What are the objectives of Securing your Software Supply chain with Sigstore Training ?

  • Understand software supply chain security risks
  • Learn Sigstore architecture and core components
  • Implement artifact signing and verification
  • Integrate Sigstore into CI/CD pipelines
  • Apply best practices for secure software delivery

Who is Securing your Software Supply chain with Sigstore Training for?

  • DevOps and Platform Engineers
  • Cloud-native and Kubernetes practitioners
  • Software Developers
  • Security Engineers and AppSec teams
  • Site Reliability Engineers (SREs)

What are the prerequisites for Securing your Software Supply chain with Sigstore Training?

Prerequisites:

  • Basic understanding of software development lifecycle
  • Familiarity with CI/CD concepts
  • Knowledge of containers and images
  • Basic Git and source control usage
  • Introductory understanding of security concepts


Learning Path:

  • Introduction to software supply chain security
  • Fundamentals of cryptographic signing
  • Sigstore tools: Cosign, Fulcio, Rekor
  • CI/CD integration and automation
  • Advanced use cases and best practices


Related Courses:

  • Kubernetes Security Fundamentals
  • DevSecOps Essentials
  • Container Security and Image Scanning
  • Secure CI/CD Pipeline Design

Available Training Modes

Live Online Training

1 Days

Course Outline Expand All

Expand All

  • Overview of Sigstore and its purpose
  • Software supply chain security challenges
  • Key components of the Sigstore ecosystem
  • Benefits of keyless signing
  • Use cases in modern DevSecOps
  • Introduction to Cosign functionality
  • Container image and artifact signing
  • Signature verification workflows
  • Integration with CI/CD pipelines
  • Security and compliance benefits
  • Role of Fulcio in Sigstore
  • Keyless certificate issuance process
  • Identity-based authentication model
  • Short-lived certificates concept
  • Trust and security assurances
  • Purpose of transparency logs
  • How Rekor records signatures and metadata
  • Tamper-evident and immutable logging
  • Auditing and traceability benefits
  • Integration with Sigstore tools
  • Role of policy enforcement in Kubernetes
  • Admission control using Policy Controller
  • Verifying signed images before deployment
  • Defining and managing security policies
  • Enhancing cluster supply chain security
  • Overview of the Sigstore open-source community
  • Contribution opportunities and roles
  • Governance and project roadmap
  • Community support channels
  • Learning resources and next steps

Who is the instructor for this training?

The trainer for this Securing your Software Supply chain with Sigstore Training has extensive experience in this domain, including years of experience training & mentoring professionals.

Reviews