Container Supply Chain Security Essentials

Level: Beginner
Category: Container Security
5 Hours, 9 Lessons, 6 Cloud Labs

Supply chains are a key part of managing software projects at scale. This course takes a hands-on focus on the tools, workloads, and methods needed to manage even the most complex container supply chains.

We'll start by learning about the problems with container supply chains and how to establish trust in them. Next, we'll use hands-on labs to generate and manage a container Software Bill of Materials (SBOM). To do this, we'll use tools like Syft to generate the SBOM and Grype to scan the SBOM for vulnerabilities.

We'll also cover trojanized container images, container image provenance, and explore Project Sigstore. Here, you'll learn how to use Cosign, Rekor, and Fulcio to maintain a secure software supply chain at every step of the process.


Labs

ImageTragick

Syft and Grype

Cosign

Cosign with Blob

Keyless signing

Keyless signing with GitHub Actions