Integrating Secure Code Signing in the CI/CD Pipeline

Presented by

Ryan Sanders, Sr. Dir Product & Customer Mktg & Eric Mizell, VP of Field Engineering Keyfactor; Brandon Dunlap, Moderator

About this talk

Code signing is a powerful method to protect the integrity of containers, artifacts, and software across the continuous integration and continuous deployment (CI/CD) pipeline. However, signing is more than just certificates and signatures. It’s about integrating the sign and verify process into your pipeline while keeping sensitive keys secure and in the right hands. If signing processes aren’t secure, it opens the door to malware, exploits, and supply chain attacks. On January 31 at 1:00 p.m. Eastern / 10:00 a.m. Pacific, join (ISC)² and Keyfactor to learn how your organization can take steps toward integrating fast and secure signing within your CI/CD pipeline. We’ll discuss: - Where code signing fits into the CI/CD pipeline - Best practices for signing key protection and policy control - Recommended methods for safeguarding your organization’s keys.
Related topics:

More from this channel

Upcoming talks (10)
On-demand talks (453)
Subscribers (143127)
ISC2 Security Briefings brings attendees both stand alone webcasts and multi-part series on cutting edge infosecurity topics that gets deeper into the subject matter and technologies presented by subject matter experts.