
Updates and recent posts about Sigstore
@abhilashjn85 shared a post, 1 year, 1 month ago

Audit Log Service-Evaluating Different Approaches


An audit log is basically all sorts of records that correspond to any changes within the application. Most importantly, while designing an audit log service we should understand what fields to audit when an event occurs. The information included in the log should provide the context of the event, the "who, what, where, and when," and anything else of relevance.

@prajuktadey shared a post, 1 year, 1 month ago

Stuck while installing Django? Here are some steps for you to follow


Hello, long time no see. I am back with another article for you guys. Here are some steps that will guide you through a smooth installation of the Python web framework Django.

@jayaharyonomanik shared a post, 1 year, 1 month ago
Data Engineer, Kitabisa

CICD your Tableau Dashboard with Github Actions

Commit and push your .twb (Tableau Workbook) files confidently.

@sezginerdem shared a post, 1 year, 1 month ago
DevOps Engineer

Why Use the Go Language for Your Project?


Even without major changes, we can expect increased use of Go for infrastructure rebuilding projects, as per the replacements for SSH and NTP described above, and as part of multi-language projects. Third-party implementations of the Go toolchain have also proliferated. ActiveState's ActiveGo provide..

@anjali shared a link, 1 year, 1 month ago
Customer Marketing Manager, Last9

What is Log Data? The SRE's Essential Guide

Learn how log data helps SREs debug issues, monitor performance, and understand system behavior effectively.

@anjali shared a link, 1 year, 1 month ago
Customer Marketing Manager, Last9

The Ultimate Guide to GCP Logs for DevOps Engineers

Discover everything DevOps engineers need to know about GCP logs, from collection to analysis, to optimize performance and troubleshooting.

@laura_garcia shared a post, 1 year, 1 month ago
Software Developer, RELIANOID

Join us at CYBERUK 2025 in Manchester!

The UK government's flagship cybersecurity event hosted by the National Cyber Security Centre. Connect with 2,000+ cyber security leaders, engage in 10+ hours of curated networking, and hear from over 100 expert speakers on the theme "Transforming Resilience. Countering Threats." How will you transf..

@anjali shared a link, 1 year, 1 month ago
Customer Marketing Manager, Last9

Simplifying Container Observability for DevOps Teams

Learn how to simplify container observability for your DevOps team by effectively tracking metrics, logs, and traces to improve performance.

@viktoriiagolovtseva shared a post, 1 year, 1 month ago

Bug Template for Jira: Streamline Bug Tracking and Reporting

Stop wasting time on messy bug reports — use a bug template to bring order and speed to your tracking process. Bug tracking can get chaotic without a clear process. Inconsistent reports lead to confusion, delays, and frustration for QA teams and developers. A bug template in Jira solves this problem..

@anjali shared a link, 1 year, 1 month ago
Customer Marketing Manager, Last9

Prometheus Port Configuration: A Detailed Guide

Learn how to configure Prometheus ports correctly, whether using defaults or custom settings, to keep your monitoring setup running smoothly.

Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, Sigstore removes much of the operational burden of traditional code signing. Instead of generating and guarding a long-lived private key, a signer can use keyless signing: the client creates an ephemeral key pair, authenticates to an OpenID Connect (OIDC) provider such as GitHub Actions, Google or Microsoft, and receives a short-lived certificate that binds that identity to the ephemeral public key. The private key is discarded as soon as the signature is produced, so there is no key to rotate, leak or steal; what remains is the signature, a certificate naming who signed, and a transparency-log entry recording when. The trade-off is that trust moves to the OIDC identity and to the verifier's policy. A verifier must pin the expected signer identity and OIDC issuer (with cosign, the `--certificate-identity` and `--certificate-oidc-issuer` flags) rather than accept any certificate the CA has ever issued, and a compromised CI job or account can sign just as a leaked key once could.

The Sigstore ecosystem is built from several components, the most important being:

- Cosign: The command-line tool for signing, verifying and attesting container images and other artifacts. For images, the signature is stored as a separate OCI artifact in the same registry, referenced by the image digest, so the image itself is unchanged and the signature travels with it when the image is copied. Cosign also supports conventional key-based signing and in-toto attestations (SBOMs, SLSA provenance) alongside keyless signing.

- Fulcio: A certificate authority that exchanges an OIDC token for a short-lived (about ten minutes) X.509 code-signing certificate. The identity from the token (an email address or a CI workflow identity) is placed in the certificate's Subject Alternative Name and the OIDC issuer is recorded in a Sigstore-specific certificate extension, so a verifier can check both.

- Rekor: An append-only, tamper-evident transparency log (a Merkle tree in the style of Certificate Transparency) that records each signing event: the artifact digest, the signature and the certificate. Each entry carries a signed timestamp, which is how a verifier establishes that the signature was made while the short-lived certificate was still valid; the public log also lets anyone audit what has been signed under a given identity and notice signatures they did not make.
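The flow the keyless-signing paragraph and the Fulcio entry describe, reduced to runnable Go. This is an added illustration, not code from Sigstore, cosign or Fulcio: the CA is an in-memory self-signed root standing in for Fulcio (real Fulcio chains through an intermediate), the transparency log is reduced to a recorded timestamp, and the artifact, signer identity and OIDC issuer URL are constructed sample values. The issuer OID 1.3.6.1.4.1.57264.1.8 is Fulcio's real issuer extension; everything else is the example's own. The verifier side performs the same four checks cosign's keyless verification performs: chain to the trusted root at the logged signing time, pinned identity, pinned issuer, then the signature.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// OID of Fulcio's OIDC-issuer certificate extension (1.3.6.1.4.1.57264.1.8).
var oidIssuer = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 57264, 1, 8}

// Bundle is what a keyless signer hands a verifier: signature, short-lived
// certificate, and the time a (simulated) transparency log recorded the event.
type Bundle struct {
	Signature, CertDER []byte
	LogTime            time.Time
}

// must panics on setup failures (key generation, certificate issuance).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCA builds an in-memory self-signed root standing in for Fulcio
// (assumption: no intermediate, unlike the real Fulcio chain).
func newCA() (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "stand-in fulcio root"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), key
}

// keylessSign mimics the signer: a key pair that lives only inside this call, a
// 10-minute certificate binding the OIDC identity (SAN) and issuer (extension)
// to it, and a signature over the artifact digest. Nothing long-lived remains.
func keylessSign(ca *x509.Certificate, caKey *ecdsa.PrivateKey, identity, issuer string, artifact []byte, now time.Time) *Bundle {
	ephemeral := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(now.UnixNano()), EmailAddresses: []string{identity},
		NotBefore: now, NotAfter: now.Add(10 * time.Minute),
		KeyUsage:        x509.KeyUsageDigitalSignature,
		ExtKeyUsage:     []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
		ExtraExtensions: []pkix.Extension{{Id: oidIssuer, Value: must(asn1.MarshalWithParams(issuer, "utf8"))}},
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca, &ephemeral.PublicKey, caKey))
	digest := sha256.Sum256(artifact)
	return &Bundle{Signature: must(ecdsa.SignASN1(rand.Reader, ephemeral, digest[:])), CertDER: der, LogTime: now}
}

// verifyKeyless runs the checks a verifier must not skip: chain to the trusted
// root evaluated at the logged signing time (the cert has expired long before
// anyone verifies), pinned identity and issuer, then the signature. Without the
// pin, any certificate the CA ever issued to anyone would be accepted.
func verifyKeyless(root *x509.Certificate, b *Bundle, artifact []byte, wantIdentity, wantIssuer string) error {
	cert, err := x509.ParseCertificate(b.CertDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: b.LogTime, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	if len(cert.EmailAddresses) != 1 || cert.EmailAddresses[0] != wantIdentity {
		return errors.New("identity: certificate SAN is not the expected signer")
	}
	var gotIssuer string
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(oidIssuer) {
			if _, err := asn1.Unmarshal(ext.Value, &gotIssuer); err != nil {
				return err
			}
		}
	}
	if gotIssuer != wantIssuer {
		return errors.New("issuer: OIDC issuer is not the expected one")
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(artifact)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], b.Signature) {
		return errors.New("signature: does not match artifact")
	}
	return nil
}

// Demo signs a constructed artifact and returns the results of four checks:
// honest, tampered artifact, wrong pinned identity, and a log time outside the
// certificate's 10-minute window (which is why the log's timestamp matters).
func Demo() (good, tampered, wrongIdentity, lateLog error) {
	ca, caKey := newCA()
	artifact := []byte("constructed sample artifact bytes")                         // constructed input
	const identity, issuer = "release-bot@example.com", "https://issuer.example.com" // assumed values
	now := time.Now()
	b := keylessSign(ca, caKey, identity, issuer, artifact, now)
	good = verifyKeyless(ca, b, artifact, identity, issuer)
	tampered = verifyKeyless(ca, b, append([]byte("X"), artifact...), identity, issuer)
	wrongIdentity = verifyKeyless(ca, b, artifact, "someone-else@example.com", issuer)
	late := &Bundle{Signature: b.Signature, CertDER: b.CertDER, LogTime: now.Add(time.Hour)}
	lateLog = verifyKeyless(ca, late, artifact, identity, issuer)
	return
}

func main() {
	good, tampered, wrongIdentity, lateLog := Demo()
	fmt.Println("honest:", good, "| tampered:", tampered, "| wrong identity:", wrongIdentity, "| late log:", lateLog)
}
```

The last case is the one people miss: the certificate is deliberately expired by the time anyone verifies, so validity has to be judged at the time the log says the signature was made, which is why a Rekor entry (or a timestamp authority) is part of every keyless verification rather than an optional extra.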

Together, these components let a verifier establish who signed an artifact (the identity in the certificate), when it was signed (the log entry's timestamp) and whether it has changed since (the signature over its digest), using publicly verifiable cryptographic proofs rather than trust in a registry or vendor. A signature proves who signed, not that the build was sound; the record of how an artifact was built is what SLSA (Supply-chain Levels for Software Artifacts) provenance attestations add, and Sigstore is the usual mechanism for signing those.
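What "tamper-evident" and "publicly verifiable proof" mean for the Rekor entry, shown as runnable Go. This is an added example, not Rekor's code: Rekor's Merkle tree uses the RFC 6962 hashing rules (leaf and node hashes under different prefixes), and the verifier routine below is the inclusion-proof algorithm from RFC 9162 section 2.1.3.2, but the log entries are constructed JSON-like stand-ins and the example builds the whole tree in memory. It deliberately omits the step in which a real client checks the log's signature over its checkpoint (root hash plus tree size) and the signed entry timestamp; those are what bind the root used here to the real log.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"fmt"
)

// RFC 6962 domain-separated hashing, which Rekor's Merkle tree uses: leaves
// and interior nodes hash under different one-byte prefixes, so a leaf can
// never be passed off as a node (or the reverse) in a forged proof.
func leafHash(entry []byte) []byte {
	h := sha256.Sum256(append([]byte{0x00}, entry...))
	return h[:]
}

func nodeHash(left, right []byte) []byte {
	h := sha256.New()
	h.Write([]byte{0x01})
	h.Write(left)
	h.Write(right)
	return h.Sum(nil)
}

// split returns the largest power of two strictly less than n (n >= 2),
// the point at which RFC 6962 divides a tree that is not a power of two.
func split(n int) int {
	k := 1
	for k*2 < n {
		k *= 2
	}
	return k
}

// rootHash is MTH(entries) from RFC 6962 for a non-empty log: the value the
// log signs and publishes as its tree head.
func rootHash(entries [][]byte) []byte {
	if len(entries) == 1 {
		return leafHash(entries[0])
	}
	k := split(len(entries))
	return nodeHash(rootHash(entries[:k]), rootHash(entries[k:]))
}

// inclusionPath is the audit path for entries[m] (RFC 6962 PATH): the sibling
// hashes, from the leaf upward, that let a verifier recompute the root.
func inclusionPath(m int, entries [][]byte) [][]byte {
	if len(entries) <= 1 {
		return nil
	}
	k := split(len(entries))
	if m < k {
		return append(inclusionPath(m, entries[:k]), rootHash(entries[k:]))
	}
	return append(inclusionPath(m-k, entries[k:]), rootHash(entries[:k]))
}

// verifyInclusion is the verifier's side (RFC 9162, section 2.1.3.2). It holds
// only the published root and tree size, the claimed index, the entry and the
// path; it never needs the rest of the log. In Rekor, root and size come from
// a checkpoint signed by the log, whose signature is checked separately.
func verifyInclusion(root []byte, treeSize, index int, entry []byte, path [][]byte) bool {
	if index < 0 || index >= treeSize {
		return false
	}
	fn, sn := index, treeSize-1
	r := leafHash(entry)
	for _, p := range path {
		if sn == 0 {
			return false // more path elements than the tree has levels
		}
		if fn&1 == 1 || fn == sn {
			r = nodeHash(p, r) // sibling is on the left
			for fn&1 == 0 && fn != 0 {
				fn >>= 1
				sn >>= 1
			}
		} else {
			r = nodeHash(r, p) // sibling is on the right
		}
		fn >>= 1
		sn >>= 1
	}
	return sn == 0 && bytes.Equal(r, root)
}

// Demo builds a five-entry log from constructed entries (stand-ins for Rekor
// records), proves entry 3 is in it, then shows the same proof failing for a
// modified entry, for a different claimed index, and when truncated.
func Demo() (honest, tampered, wrongIndex, shortPath bool) {
	entries := [][]byte{ // constructed sample entries
		[]byte(`{"artifact":"sha256:1111","signer":"release-bot@example.com"}`),
		[]byte(`{"artifact":"sha256:2222","signer":"release-bot@example.com"}`),
		[]byte(`{"artifact":"sha256:3333","signer":"ci@example.com"}`),
		[]byte(`{"artifact":"sha256:4444","signer":"release-bot@example.com"}`),
		[]byte(`{"artifact":"sha256:5555","signer":"ci@example.com"}`),
	}
	root := rootHash(entries)
	path := inclusionPath(3, entries)
	honest = verifyInclusion(root, len(entries), 3, entries[3], path)
	forged := []byte(`{"artifact":"sha256:4444","signer":"intruder@example.com"}`)
	tampered = verifyInclusion(root, len(entries), 3, forged, path)
	wrongIndex = verifyInclusion(root, len(entries), 2, entries[3], path)
	shortPath = verifyInclusion(root, len(entries), 3, entries[3], path[:2])
	return
}

// selfCheck proves every entry of an n-entry constructed log; the sizes that
// are not powers of two exercise the shift logic in verifyInclusion.
func selfCheck(n int) bool {
	entries := make([][]byte, n)
	for i := range entries {
		entries[i] = []byte(fmt.Sprintf("entry-%d", i))
	}
	root := rootHash(entries)
	for i := range entries {
		if !verifyInclusion(root, n, i, entries[i], inclusionPath(i, entries)) {
			return false
		}
	}
	return true
}

func main() {
	honest, tampered, wrongIndex, shortPath := Demo()
	fmt.Println(honest, tampered, wrongIndex, shortPath, selfCheck(7))
}
```

The point of the shape: a client verifying one Rekor entry downloads a handful of hashes, not the log, and any change to a recorded entry changes the root that the log has already signed and published, which is what makes later alteration detectable rather than merely forbidden.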

Sigstore is widely adopted in the cloud-native ecosystem and integrates with Kubernetes (admission-time verification via Sigstore's policy-controller or Kyverno), OCI registries, CI/CD pipelines and package managers; npm's package provenance and PyPI's attestations are built on it, and Kubernetes release artifacts are themselves signed with cosign. It is commonly used to sign container images, Helm charts, binaries and SBOMs, and signature verification is increasingly a baseline requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) under the Linux Foundation, runs a public-good instance of Fulcio and Rekor that cosign uses by default, and is supported by major industry players.