Bob Callaway and Ivan Font of Red Hat will introduce a new project called 'sigstore' that was recently launched under the Linux Foundation. Sigstore aims to empower software developers to easily and securely sign software artifacts such as release files, container images, binaries, bill of material manifests and more. Signing materials are then stored into a tamper resistant public log. They'll show a demo of the system working in OpenShift to sign container images and integrated into a build pipeline with Tekton and Open Policy Agent.
YouTube: https://youtu.be/yKrbUGSwrEw
Speakers: Bob Callaway and Ivan Font (Red Hat)
Host: Karena Angell (Red Hat)