May 8 - 9, 2023 | Vancouver, Canada
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for cdCon+GitOpsCon to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Pacific Daylight Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right above "Filter by Date."
Back To Schedule
Tuesday, May 9 • 4:30pm - 5:00pm
Identity-based Source Integrity with Gitsign - Billy Lynch, Chainguard

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Recently there has been a large focus on software supply chain security across the industry. While much of this discussion has been focused on containers and other binary artifacts, source code is an equally critical component to sign and verify integrity in your supply chain (especially for GitOps workflows)! While Git commit signing has typically been done with GPG and more recently SSH keys, maintaining these long lived keys can often be a challenge, particularly in shared environments like CI/CD. In this talk, we'll take a look at some of these challenges as well as take a deep dive into Gitsign - a Sigstore project that brings "keyless" identity-based signing to Git. We'll walkthrough you can use Gitsign to cryptographically sign Git commits using OIDC based identities, how this can be beneficial over traditional signing methods to improve the security of source consumed and produced by your CI/CD and GitOps workflows, and how this can improve incident response in the event of a compromise.

avatar for Billy Lynch

Billy Lynch

Staff Software Engineer, Chainguard
Billy is a staff software engineer at Chainguard, working on developer tools and securing software supply chains for everyone! He is an active contributor and maintainer to the Sigstore and Tekton projects, and is the creator of Gitsign. Prior to working at Chainguard, Billy worked... Read More →

Tuesday May 9, 2023 4:30pm - 5:00pm PDT
Meeting Room 220