Updates and recent posts about Sigstore..

Posts
Description

Story

@laura_garcia shared a post, 8 months ago

Software Developer, RELIANOID

Cyber Security & Cloud Expo Europe in Amsterdam

🔐 On 24–25 September 2025, RELIANOID will be at Cyber Security & Cloud Expo Europe in Amsterdam! Join us to explore how we enable secure, scalable, and Zero Trust–ready application delivery. 👉 https://www.relianoid.com/about-us/events/cyber-security-cloud-expo-2025/ #CyberSecurity#Cloud#ZeroTrust#De..

cybersecurity and cloud expo amsterdam event

Story

@laura_garcia shared a post, 8 months ago

Software Developer, RELIANOID

Cyber Security & Cloud Expo Europe in Amsterdam

Story

@laura_garcia shared a post, 8 months ago

Software Developer, RELIANOID

🔐 Industrial networks face increasing complexity and evolving cyber threats.

To strengthen defenses, many organizations are moving beyond traditional segmentation and adopting microsegmentation — a strategy that creates independent, secure zones to better protect critical assets. We’ve prepared a clear diagram to illustrate how defense-in-depth and microsegmentation can be a..

Industrial Zero-Trust Micro-Segmentation

Link

@anjali shared a link, 8 months ago

Customer Marketing Manager, Last9

What is Asynchronous Job Monitoring?

Know how asynchronous job monitoring tracks background tasks, ensuring they finish reliably, perform well, and stay visible at scale.

Story

@laura_garcia shared a post, 8 months ago

Software Developer, RELIANOID

🚀 We’re heading to TechEx Europe 2025 in Amsterdam on 24–25 September!

Join us at Europe’s premier enterprise technology event to explore the future of AI, cybersecurity, IoT, cloud, and digital transformation—and discover how RELIANOID ensures secure, scalable, and high-performance application delivery for modern enterprises. #TechExEurope#DigitalTransformation#Enterp..

Link

@anjali shared a link, 8 months ago

Customer Marketing Manager, Last9

Kubernetes Service Discovery Explained with Practical Examples

Understand Kubernetes Service Discovery with clear examples of Services, Endpoints, DNS, Ingress, and headless setups in action.

Link

@faun shared a link, 8 months, 1 week ago

FAUN.dev()

Esoteric Languages Challenge Coders to Think Way Outside the Box

Daniel Temkin has written a book about44 esoteric programming languages, including Valence, which uses ancient Greek measuring symbols. Temkin emphasizes the significance of esoteric languages in promoting creativity and investigating the complicated nature of modern programming. These languages hav.. read more

Link

@faun shared a link, 8 months, 1 week ago

FAUN.dev()

Is Java Still Used? Current Trends and Market Demand in 2025

Java’s not just hanging on in 2025—it’s running the show. Over 90% of the Fortune 500 still trust it to power cloud platforms, big data pipelines, and IoT sprawl. What’s keeping it sharp? A brisk six-month release cadence. A battle-hardened ecosystem through OpenJDK and Jakarta EE. And a JVM that k.. read more

Link

@faun shared a link, 8 months, 1 week ago

FAUN.dev()

Developer Experience at Pinterest: The Journey to PinConsole

Pinterest rolled outPinConsole, a custom-built Internal Developer Platform powered byBackstage. Years of scattered tools had piled on complexity. This is their clean slate. PinConsole pulls developer workflows into one place, plugging intoPinCompute (Kubernetes),GitHub,Jira, andPagerDuty. It also b.. read more

Link

@faun shared a link, 8 months, 1 week ago

FAUN.dev()

The Raku Programming Language: There's More Than One Way To Do It

Raku throws togethermulti-paradigm support,gradual typing,first-class regex grammars, andmetaprogrammingthat actually earns the name. It comes with built-in concurrency,multiple dispatch, and fresh tools likeRakuASTfor syntax-aware code wrangling... read more

Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.