About This Talk
This talk will provide a high-level overview of the developer-first open source project, Sigstore, within the Django context. We’ll go through each component of Sigstore, including how to sign a software artifact with Cosign, how Fulcio issues certificates, and finally how developers and end users alike can verify claims made on the Rekor public ledger. We’ll discuss how PyPI is leveraging Sigstore to help with verifying and trusting dependencies we all rely on. Finally, we’ll go through a demonstration of creating, publishing, and signing a containerized Django app.
The audience will walk away with an understanding of how they can navigate software security more effectively and be better citizens of open source through implementing recommended security practices.
Lisa Tagliaferri builds learning resources and open source software in service to the developer community. With experience across the tech startup space and within universities, Lisa has led the development of educational platforms, technical curricula, and research on communities. Lisa’s open access books and tutorials have drawn over 45 million global readers. Recently, Lisa co-created the Linux Foundation course, “Secure Your Software Supply Chain with Sigstore,” available for free on edX.