Supply chains are a key part of managing software projects at scale. This course will take a hands-on focus on tools, workloads, and methods to manage even the most complex Container supply chains.
We'll start by learning about the problems with container supply chains, and establishing trust in the supply chains. Next, we'll use hands-on labs to generate and manage Container Software Bill of Materials (SBOM). To do this, we'll use tools like Syft to generate the SBOM, and Grype to scan the SBOM for vulnerabilities.
We'll also trojanizing container problems, container image provenance, and explore Project Sigstore. Here, you'll learn how to use Cosign, Rekor, and Fulcio to maintain a secure software supply chain at every step of the process.
Syft and grype
Cosign with Blob
Keyless signing github actions