Updates and recent posts about Sigstore.
Link
@faun shared a link, 1 year ago
FAUN.dev()

kuberc is Here! Customizing kubectl with Kubernetes 1.33

Kuberc, introduced in Kubernetes 1.33 as an alpha feature, allows users to personalize their kubectl command-line experience with aliases and default flags. This configuration file separates personal preferences from the kubeconfig file, simplifying complex commands and reducing errors. Teams can pote..

Link
@anjali shared a link, 1 year ago
Customer Marketing Manager, Last9

How to Handle Logging in Microservices Architectures

Learn how to manage logging in microservices—from common challenges to tools and practices that actually help in real-world systems.

log consolidation
Story
@readdive shared a post, 1 year ago
Founder, Read Dive

The Future of Social App Development with Snapchat's Developer Ecosystem

Explore the future of social app development through Snapchat’s developer ecosystem and how Snap Planets influence innovation and engagement.

Social App Development
Story
@readdive shared a post, 1 year ago
Founder, Read Dive

How DevOps Is Transforming Application Testing in 2025

Discover how DevOps is revolutionizing application testing in 2025 and why partnering with an application testing company is essential today.

Application Testing
Story
@laura_garcia shared a post, 1 year ago
Software Developer, RELIANOID

🌐 World Telecommunication and Information Society Day May 17 | #WTISD2025

At RELIANOID, we believe in a connected world where digital access is not a privilege, but a right. On this day, we join the global call to recognize how telecommunications and IT bridge divides and create opportunities for all — from telemedicine in rural clinics to remote learning across continents. ..

World Telecommunication and Information Society Day RELIANOID
Story
@readdive shared a post, 1 year ago
Founder, Read Dive

Unity Programming for 2D and 3D Games: What You Need to Know

This article explores what Unity programming entails, the key differences between 2D and 3D development in Unity, and how developers can get started crafting high-quality games.

Unity Programming for 2D and 3D Games
Story
@laura_garcia shared a post, 1 year ago
Software Developer, RELIANOID

AI & Key Tech Summit 2025

Ready to unlock the technology of tomorrow? Join us on May 21, 2025, for the AI & Key Tech Summit 2025 – a virtual event that’s part of the Women in Tech Global Conference. Connect with tech leaders, engineers, and product managers as we dive into cutting-edge sessions ranging from AI and data scien..

Story
@readdive shared a post, 1 year ago
Founder, Read Dive

The Thought Process Behind AI Innovation: Kashif Abid’s Perspective

Behind AI Innovation

Behind AI Innovation
Story
@laura_garcia shared a post, 1 year ago
Software Developer, RELIANOID

🔐 What is CSRF and How to Protect Your Web Apps?

4-min read → https://www.relianoid.com/resources/knowledge-base/misc/what-is-cross-site-request-forgery-csrf-attack-and-mitigations/ One of the most common yet overlooked threats in web application security is Cross-Site Request Forgery (CSRF) — also known as session riding. 🧠 What you'll learn in t..

Story
@laura_garcia shared a post, 1 year ago
Software Developer, RELIANOID

We’ve won the SourceForge Community Choice Award!

We're proud to share that RELIANOID has been recognized by SourceForge with a Community Choice Award, a distinction granted to a small group of open-source projects that stand out for their impact, downloads, and user engagement. With over 500,000 projects hosted on SourceForge and nearly 20 million..

Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

Sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.