Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, Sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, Sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The Sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

Sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.