Building and distributing software that is secure throughout its entire lifecycle can be challenging, leaving many projects unprepared to build securely by default. Attacks and vulnerabilities can emerge at any step of the chain, from writing to packaging and distributing software to end users. Sigstore is one of several innovative technologies that have emerged to improve the integrity of the software supply chain, reducing the friction developers face in implementing security within their daily work.
Securing Your Software Supply Chain with Sigstore (LFS182x)
- Labs will work on Linux and macOS
- Administrative access to enable installing software
- We are assuming a local machine, but these commands should work on a Linux cloud instance as well
- Internet connection
- We recommend at least 2GB of RAM and a 64-bit CPU.
- You should have the latest version of Docker and Docker Compose installed, and an account on Docker Hub. At the time of writing (June 2022), Docker Engine should be version 20.10 and Docker Compose should be version 2.6. If you are on macOS, you will need to use Docker Desktop; refer to the official documentation for your operating system to ensure that your system meets the necessary requirements. Docker Desktop should be version 4.8 or higher.
- You should have the latest version of Go installed, at the time of writing this is 1.18 (June 2022).