Install Red Hat Trusted Artifact Signer using Google identity provider and Cosign

Learn how to install the Red Hat Trusted Artifact Signer using Google identity provider. Once installed, explore how to sign and verify a container image using Cosign.

Developers play a crucial role in implementing DevSecOps practices because they are responsible for writing the code that makes up the software. However, many developers don't have strong security backgrounds and might not be aware of the best practices to code, build, and monitor the software supply chain for their software factory.

This short guide provides a developer's introduction to software supply chain security, including the key principles, tools, and techniques you need to know to better audit and act on vulnerabilities in open source software components. Start integrating security guardrails across your software development life cycles to catch security issues early.

View Excerpt å
Previous resource
Sign and verify container image using Red Hat Trusted Artifact Signer