The last few years have seen a significant rise in software supply chain attacks targeting third-party dependencies used in larger projects. Developers need to attest to the integrity and provenance of their software components, and alternatives have emerged that make tracing software back to its source more accessible, without requiring specific knowledge of the cryptographic protocols used for generating and verifying artifact signatures. Project Sigstore (https://www.sigstore.dev/) is a new standard for signing, verifying and protecting software. This talk will provide an introduction to Sigstore for Python developers, who will learn how they can leverage the sigstore-python client to secure their Python projects and to build and distribute artifacts easily and securely.
Maya is a Software Engineer in the Emerging Technologies Security team at Red Hat. She is passionate about Python, is an Open Source enthusiast, and works on securing the Ansible content software supply chain.
Sunday June 18, 2023 11:00am - 11:35am CEST
E104 | Talks