Description: Docs and Tutorials for Chainguard
View chainguard-dev/edu on GitHub ↗
Chainguard Edu is a repository focused on providing educational resources for learning about software supply chain security, specifically utilizing Chainguard's tools and philosophies. It's designed for a range of learners, from those new to the concept to experienced developers looking to deepen their understanding and implement best practices. The core principle driving the content is "shift left" security – integrating security considerations early in the development lifecycle, rather than as an afterthought. It's not just about *using* Chainguard's products, but understanding the *why* behind the security measures.
The repository is structured around several key learning paths and resource types. A significant portion is dedicated to hands-on workshops and labs. These labs are designed to be interactive and practical, guiding users through real-world scenarios like building and signing reproducible container images, verifying image provenance using SLSA (Supply-chain Levels for Software Artifacts), and implementing attestation policies. These labs often leverage Chainguard Images, a curated collection of minimal, distroless base images, and Chainguard Enforce, a policy engine for controlling what can run in your environment. The workshops are often presented as Jupyter notebooks, making them easily executable and modifiable.
Beyond the labs, Chainguard Edu offers a wealth of documentation and explanations. There are detailed guides on topics like software bill of materials (SBOMs), signing artifacts with Sigstore (specifically Cosign), and understanding the benefits of reproducible builds. The repository also includes explanations of key concepts like provenance, attestation, and the importance of minimizing the attack surface of your software. A notable section focuses on SLSA, detailing the different levels and how to achieve them, providing a clear roadmap for improving supply chain security. The documentation isn't just theoretical; it's frequently tied back to practical examples and demonstrations within the labs.
A crucial aspect of Chainguard Edu is its emphasis on open-source tooling and standards. While it showcases Chainguard's products, it also actively promotes and integrates with widely adopted open-source projects like Sigstore, Grype (a vulnerability scanner), and in-toto (a framework for verifying software provenance). This commitment to open standards ensures that the skills learned are transferable and applicable beyond the Chainguard ecosystem. The repository frequently links to external resources and documentation for these tools, fostering a broader understanding of the software supply chain security landscape.
Finally, Chainguard Edu is a continuously evolving resource. The content is regularly updated to reflect the latest best practices, tooling advancements, and emerging threats. The repository encourages community contributions, allowing users to submit feedback, suggest improvements, and even contribute new labs or documentation. This collaborative approach ensures that Chainguard Edu remains a relevant and valuable resource for anyone seeking to improve the security of their software supply chain. It's a practical, hands-on learning environment designed to empower developers and security professionals to build more trustworthy software.