Cloud-Native Microservices With Kubernetes - 2nd Edition

A Comprehensive Guide to Building, Scaling, Deploying, Observing, and Managing Highly-Available Microservices in Kubernetes

> Get Your Copy

Updates and recent posts about Sigstore..

Posts
Description

Activity

@brooksamybrook gave 🐾 to Microsoft Launches Azure Kubernetes Service Automatic for Developers , 7 months ago.

Activity

@brooksamybrook gave 🐾 to Security and compliance are not optional—they’re the backbone of trust. , 7 months ago.

Story

@laura_garcia shared a post, 7 months ago

Software Developer, RELIANOID

Security and compliance are not optional—they’re the backbone of trust.

At RELIANOID, our operations and load balancing platform are fully aligned with the ISO/IEC 27001:2022 framework, ensuring that every policy, control, and process we implement supports the same rigorous standards as certified environments. From governance and risk management to encryption, access co..

News FAUN.dev() Team

@devopslinks shared an update, 7 months ago

FAUN.dev()

Microsoft Launches Azure Kubernetes Service Automatic for Developers

#aks #autosca... #Automat... #Microso... #kuberne...

Microsoft announces Azure Kubernetes Service Automatic, a fully-managed Kubernetes offering that reduces operational overhead and integrates security and reliability features by default.

News FAUN.dev() Team

@devopslinks shared an update, 7 months ago

FAUN.dev()

GitHub Introduces Post-Quantum Secure SSH Key Exchange Algorithm

#SSH #post-qu... #quantum... #git #github

GitHub enabled a post-quantum secure SSH key exchange algorithm on September 17, 2025, to protect against future quantum decryption threats.

News FAUN.dev() Team

@kala shared an update, 7 months ago

FAUN.dev()

Microsoft Launches Open-Source Agent Framework for AI Development

#microso... #AI agen... #open-so... #semanti... #orchest...

Microsoft unveils the open-source Agent Framework to streamline AI agent development, integrating Semantic Kernel and AutoGen for enhanced accessibility and stability.

News FAUN.dev() Team

@kaptain shared an update, 7 months ago

FAUN.dev()

Alpine Linux 3.23 Adopts /usr-Merged File System Layout

#/usr-me... #alpine ... #symboli... #central... #reduced...

Alpine Linux 3.23 will transition to a /usr-merged file system layout, centralizing executables and libraries to reduce maintenance and improve containerization.

News FAUN.dev() Team

@kala shared an update, 7 months ago

FAUN.dev()

OpenAI Launches AgentKit: Streamline Agent Development for Enterprises

#evals f... #agentki... #agent b... #connect... #chatkit

OpenAI introduces AgentKit, a tool suite to streamline agent development for enterprises, enhancing efficiency and collaboration.

News FAUN.dev() Team

@kala shared an update, 7 months ago

FAUN.dev()

Anthropic unveils three infrastructure bugs behind Claude's performance issues

#infrast... #claude ... #routing... #API mis... #compile...

Anthropic resolves infrastructure bugs affecting Claude AI performance, revises processes to prevent future disruptions across AWS, NVIDIA, and Google platforms.

News FAUN.dev() Team

@kala shared an update, 7 months ago

FAUN.dev()

ChatGPT Launches Interactive Apps with New Apps SDK Preview

#ChatGPT #app #partner... #integra... #OpenAI

ChatGPT introduces an app ecosystem with an Apps SDK Preview, enabling developers to create interactive applications integrated into conversations, initially available to non-EU users with partners like Booking.com and Spotify.

Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.