Updates and recent posts about Sigstore..

Posts
Description

Link

@faun shared a link, 7 months, 3 weeks ago

FAUN.dev()

v1.34: Recovery From Volume Expansion Failure (GA)

Kubernetes v1.34 bumps **automated recovery from botched PVC expansions** to GA. Users can now fix bad volume size requests—no admin, no drama. It cleans up unused quota, slows down retry spam, and surfaces progress with new PVC status fields... read more

Link

@faun shared a link, 7 months, 3 weeks ago

FAUN.dev()

Kubernetes Security: Best Practices to Protect Your Cluster

A new JetBrains IDE plugin throws Kubernetes security best practices straight into your deployment manifests—right where they belong. Think: checks for `runAsRoot`, privileged mode, `hostPath`, host ports, and sketchy sysctls. No hand-waving. It enforces stuff like: - Default `runAsNonRoot` - Drop .. read more

Link

@faun shared a link, 7 months, 3 weeks ago

FAUN.dev()

v1.34: DRA Consumable Capacity

Kubernetes 1.34 rolls in **consumable capacity** for Dynamic Resource Allocation (DRA). That means device plugins can now carve up resources—GPU memory, NIC bandwidth, etc.—into precise slices for Pods, ResourceClaims, and namespaces. The scheduler tracks it all, so nothing spills over... read more

Link

@faun shared a link, 7 months, 3 weeks ago

FAUN.dev()

v1.34: Decoupled Taint Manager Is Now Stable

Kubernetes 1.34 graduates the taint eviction controller to GA. Now, the node lifecycle controller only applies taints, while a dedicated taint eviction controller manages pod eviction. First split in 1.29, now stable in 1.34... read more

Link

@faun shared a link, 7 months, 3 weeks ago

FAUN.dev()

v1.34: Pods Report DRA Resource Health

Kubernetes v1.34 lands with an alpha upgrade to **[KEP-4680](https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/4680-add-resource-health-to-pod-status)**, pushing **Dynamic Resource Allocation (DRA)** into smarter territory: health-aware Pods. DRA drivers can now stream device heal.. read more

Story

@laura_garcia shared a post, 7 months, 4 weeks ago

Software Developer, RELIANOID

Secure Boot Advanced Targeting (SBAT): Scaling Boot Security 🔐

Discover how SBAT enhances Secure Boot by introducing a smarter way to handle vulnerabilities, reducing overhead, and ensuring your system's boot process stays secure. Learn how it works, how it addresses scalability, and why it's a game-changer for modern boot security across Linux and Windows envi..

Story

@laura_garcia shared a post, 8 months ago

Software Developer, RELIANOID

Cyber Security & Cloud Expo Europe in Amsterdam

🔐 On 24–25 September 2025, RELIANOID will be at Cyber Security & Cloud Expo Europe in Amsterdam! Join us to explore how we enable secure, scalable, and Zero Trust–ready application delivery. 👉 https://www.relianoid.com/about-us/events/cyber-security-cloud-expo-2025/ #CyberSecurity#Cloud#ZeroTrust#De..

cybersecurity and cloud expo amsterdam event

Story

@laura_garcia shared a post, 8 months ago

Software Developer, RELIANOID

Cyber Security & Cloud Expo Europe in Amsterdam

Story

@laura_garcia shared a post, 8 months ago

Software Developer, RELIANOID

🔐 Industrial networks face increasing complexity and evolving cyber threats.

To strengthen defenses, many organizations are moving beyond traditional segmentation and adopting microsegmentation — a strategy that creates independent, secure zones to better protect critical assets. We’ve prepared a clear diagram to illustrate how defense-in-depth and microsegmentation can be a..

Industrial Zero-Trust Micro-Segmentation

Link

@anjali shared a link, 8 months ago

Customer Marketing Manager, Last9

What is Asynchronous Job Monitoring?

Know how asynchronous job monitoring tracks background tasks, ensuring they finish reliably, perform well, and stay visible at scale.

Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.