Updates and recent posts about Sigstore..

Posts
Description

Link

@mashka shared a link, 10 months, 2 weeks ago

Paid Acquisition and Growth Marketing, xygeni

Are You Worried About Passing an Audit or Staying Compliant? Join Our Next SafeDev Talk

Hi everyone! If you’re working in AppSec, DevSecOps, or compliance and wondering how to prove your security controls work, this talk is for you.

We’re hosting a free, live SafeDev Talk on how to build a real audit-ready AppSec aligned with ISO, NIST, CRA, and more. No fluff, just practical insights from security leaders working across cloud, compliance, and engineering.

🗓️ July 23 | 🕒 17:00 CEST / 11:00 EDT

👉 Click here to register

Hope to see you there !

SafeDev Talk 7 2025 - Compliance (5) (1)

Story

@laura_garcia shared a post, 10 months, 2 weeks ago

Software Developer, RELIANOID

🎉 We're proud to be featured on 𝗜𝗻𝘁𝗲𝗿𝗲𝘀𝘁𝗶𝗻𝗴𝗙𝗮𝗰𝘁𝘀.𝗼𝗿𝗴!

Their latest article — “𝘚𝘪𝘮𝘱𝘭𝘪𝘧𝘺𝘪𝘯𝘨 𝘓𝘰𝘢𝘥 𝘉𝘢𝘭𝘢𝘯𝘤𝘪𝘯𝘨: 𝘛𝘩𝘦 𝘗𝘰𝘸𝘦𝘳 𝘰𝘧 𝘌𝘢𝘴𝘺 𝘓𝘰𝘢𝘥 𝘉𝘢𝘭𝘢𝘯𝘤𝘦𝘳𝘴 𝘪𝘯 𝘉𝘶𝘪𝘭𝘥𝘪𝘯𝘨 𝘢 𝘔𝘰𝘳𝘦 𝘙𝘦𝘭𝘪𝘢𝘣𝘭𝘦 𝘐𝘯𝘧𝘳𝘢𝘴𝘵𝘳𝘶𝘤𝘵𝘶𝘳𝘦” — highlights how RELIANOID is making robust, secure, and scalable application delivery accessible to everyone. Big thanks to the team at InterestingFacts.org for recogniz..

Link

@anjali shared a link, 10 months, 2 weeks ago

Customer Marketing Manager, Last9

What is Log Loss and Cross-Entropy

Log loss and cross-entropy are core loss functions for classification tasks, measuring how well predicted probabilities match actual labels.

Story

@laura_garcia shared a post, 10 months, 2 weeks ago

Software Developer, RELIANOID

🚦 What Is a Load Balance Router?

A Load Balance Router distributes network traffic across multiple paths—like servers or internet links—to optimize performance and ensure high availability. 🔍 Key Features: Dynamic traffic distribution High availability & failover Scalability on demand Protocol support (BGP, OSPF) Health checks & mo..

Link

@anjali shared a link, 10 months, 2 weeks ago

Customer Marketing Manager, Last9

Cloud Log Management: A Developer's Guide to Scalable Observability

Centralized logging helps you debug faster, scale smarter, and cut through noise. Here's how to get it right from the start.

Story

@laura_garcia shared a post, 10 months, 2 weeks ago

Software Developer, RELIANOID

🌐 What is Border Gateway Protocol (BGP)?

BGP is the backbone of the internet — and it’s powering RELIANOID’s advanced routing strategy. In our latest blog, we cover: ✅ eBGP for datacenter & edge connectivity ✅ iBGP for intra-datacenter load balancing ✅ How to build global clusters without GTM, GSLB, or DNSLB ✅ Real-world BGP use cases & se..

Link

@anjali shared a link, 10 months, 2 weeks ago

Customer Marketing Manager, Last9

How to Get Logs from Docker Containers

Learn how to access, filter, and monitor Docker container logs, plus tips for structured logging, rotation, and production-ready setups.

Link

@anjali shared a link, 10 months, 2 weeks ago

Customer Marketing Manager, Last9

Improve Consistency Across Signals with OTel Semantic Conventions

Correlate logs, metrics, and traces faster by using consistent field names and schemas with OpenTelemetry semantic conventions.

Link

@anjali shared a link, 10 months, 2 weeks ago

Customer Marketing Manager, Last9

How Replicas Work in Kubernetes

Understand how Kubernetes uses replicas to ensure your application stays available, handles traffic spikes, and recovers from pod failures automatically.

Story ManageEngine Team

@arshadmas shared a post, 10 months, 2 weeks ago

Product Marketer, manageengine

GCP monitoring: A comprehensive guide into maximizing cloud performance

#Google ... #gcp mon... #google ...

Keeping mission-critical workloads healthy on Google Cloud Platform (GCP) isn’t optional—it’s your job. As organizations increasingly move to GCP for its elasticity and scalability, the complexity of managing cloud-native and hybrid environments grows. For ITOps and CloudOps professionals, the chall..

Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.