
Updates and recent posts about Sigstore.
Link
@faun shared a link, 1 year, 1 month ago
FAUN.dev()

The Kubernetes Gateway API through beginner’s eyes

Gateway API, the sassy heir to Ingress, juggles L4 & L7 protocols like it was born for it. Tosses out those annoying, vendor-specific annotations to clean up Kubernetes networking. On a whim, I swapped an external cronjob for a Kubernetes CronJob—because tinkering is a blast, and, let's face it, automa..

Link
@faun shared a link, 1 year, 1 month ago
FAUN.dev()

Podfox: World's First Container-Aware Browser

Podfox swoops in to transform your browser into a Podman rootless container with a SOCKS proxy—no port forwarding monkey business required. It's like magic for your dev groove. Meanwhile, Homebrew gives container development a twist: it mounts user environments in read-only mode. This way, your favorit..

Link
@faun shared a link, 1 year, 1 month ago
FAUN.dev()

v1.33: Prevent PersistentVolume Leaks When Deleting out of Order graduates to GA

Kubernetes v1.33 finally pulls its socks up with storage cleanup. It now respects reclaim policies by wielding finalizers. No more leaking PersistentVolumes, even if you delete PVs like a mad hatter...

Story
@laura_garcia shared a post, 1 year, 1 month ago
Software Developer, RELIANOID

Women in STEM

🚺✨ The rise of women in STEM is inspiring change, and nowhere is this more evident than in Cybersecurity. Despite making up only 24% of the workforce, women are increasingly leading the charge in securing our digital world. RELIANOID is proud to champion gender diversity in the cybersecurity sector...

Blog women and girls in STEM and Cybersecurity RELIANOID
Link
@anjali shared a link, 1 year, 1 month ago
Customer Marketing Manager, Last9

CloudWatch vs OpenTelemetry: Choosing What Fits Your Stack

CloudWatch vs OpenTelemetry: Understand the trade-offs and choose the observability approach that fits your team's architecture and workflows.

otel
Link
@anjali shared a link, 1 year, 1 month ago
Customer Marketing Manager, Last9

OpenTelemetry PHP: A Detailed Implementation Guide

Learn how to set up OpenTelemetry PHP to collect traces, metrics, and logs from your PHP apps and improve observability across your stack.

logging
Story
@laura_garcia shared a post, 1 year, 1 month ago
Software Developer, RELIANOID

Hack Space Con 2025

Mark your calendars for Hack Space Con 2025 – where cybersecurity meets space technology! Taking place from May 11-15 at the Kennedy Space Center & Radisson Resort at the Port in Cape Canaveral, this event unites cybersecurity professionals, ethical hackers, and space tech enthusiasts. Don’t miss th..

HACKSPACECON2025 florida RELIANOID.
Link
@anjali shared a link, 1 year, 1 month ago
Customer Marketing Manager, Last9

The Complete Guide to Observing RabbitMQ

Learn how to monitor, troubleshoot, and improve RabbitMQ performance with the right metrics, tools, and observability practices.

rabbit
Link
@anjali shared a link, 1 year, 1 month ago
Customer Marketing Manager, Last9

Kubernetes Alerting That Won’t Burn You Out

A practical guide to Kubernetes alerting—cut the noise, catch what matters, and avoid those unnecessary 3AM wake-up calls.

kubernetes
Link
@anjali shared a link, 1 year, 1 month ago
Customer Marketing Manager, Last9

Essential Python Monitoring Techniques You Need to Know

Learn the key techniques to monitor Python performance, catch bottlenecks early, and keep your applications fast and reliable at scale.

Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, Sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, Sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The Sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

Sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.