A new course from the Linux Foundation on the edX platform aims to educate the industry on how to digitally sign software artifacts. Targeted at software developers as well as DevOps and security engineers, it focuses on using the Sigstore toolkit to secure the software supply chain.
Sigstore is really upping its game. Besides supporting new tools such as Gitsign, which I recently covered, it is producing announcements, consortiums and educational material. It really is taking supply chain security seriously.
For those still not aware of the concept, the desired outcome is to protect the software supply chain.
How can this be achieved?
full article on i-programmer: