The chain of trust: Open source supply chain security in action

As modern applications increasingly rely on open source components, ensuring the integrity and provenance of the software supply chain has become critical. How do you verify that every component, from code commits to AI models, can be trusted?

Join this expert-led webinar to learn how to secure the entire cloud-native software lifecycle. We’ll demonstrate how to sign and verify every artifact in your pipeline—from source code to container images to AI models—helping eliminate unverified code and strengthen application security.

Through a practical end-to-end demo—from Git push to production—you’ll learn how to implement automated verification across your CI/CD pipeline and build a more secure, compliant software supply chain, including how to:

• Sign and verify code using Gitsign while analyzing dependencies in real time
• Generate signed provenance and software bills of materials (SBOMs) automatically during builds with Tekton Chains
• Verify artifacts before deployment using Cosign
• Maintain a continuous security posture using Red Hat® Quay and Red Hat Advanced Cluster Security