Containers
Container Supply Lines with BuildKit and Cosign
Each cohort pair builds a miniature supply line: multi-stage BuildKit targets, attestations, and admission-style checks before anything hits staging. You learn to reason about layer reuse without obsessing over image size alone.
Format: Self-paced with mentor checkpoints · Timeline: 5 weeks · 36h guided
List price: BRL 1.540 (informational, no checkout on this site)
Otávio Lemos
Spent eight years hardening image promotion for retail edge nodes.
Module map
- SBOM generation with SPDX-friendly naming
- Cosign keyless flows tied to workload identity
- Rootless builder hardening checklist
- Registry promotion rules with digest immutability
- Distroless vs slim variants decision tree
- Runtime smoke tests using ephemeral compose stacks
- Hand-off packet for platform teams adopting the same policy
Outcomes we expect to see
- Publish signed images consumable by a mock admission controller
- Produce an SBOM diff between two releases with human-readable notes
- Draft a rollback story that references digest, not floating tags
FAQ — includes hard truths
Only through a read-only admission mock; the focus stays on build and registry guarantees.
Mentor-reviewed quotes
Anonymous — Cosign lab clarified why our old Notary flow felt brittle. The SBOM diff exercise alone justified the tuition.
Client in observability SaaS · Trustpilot
BuildKit chapter assumed I knew Dockerfile ARG quirks; office hours filled the gap quickly.
Renata V. · Platform intern · 4/5
Digest-only rollback story now lives in our incident binder.
Felipe Duarte · Logistics API mesh · 5/5 · survey