Cloud-Native Microservices With Kubernetes - 2nd Edition

A Comprehensive Guide to Building, Scaling, Deploying, Observing, and Managing Highly-Available Microservices in Kubernetes

> Get Your Copy

Updates and recent posts about Sigstore..

Posts
Description

Link

@kala shared a link, 6 days, 23 hours ago

FAUN.dev()

Announcing Stack Overflow for Agents

Stack Overflow's team opened the beta for "Stack Overflow for Agents", an API-first knowledge exchange that lets coding agents use Stack Overflow through human-owned accounts. The beta points to a clear model: developers connect agents to their own accounts, and Stack Overflow's team can link agent .. read more

Link

@kala shared a link, 6 days, 23 hours ago

FAUN.dev()

OpenAI to acquire Ona

OpenAI acquires Ona to bring secure cloud execution technology to Codex, which now has over 5 million users per week. Ona's technology will allow Codex to work persistently in a customer's cloud environment... read more

Link

@devopslinks shared a link, 1 week ago

FAUN.dev()

Observing LLM Applications with OpenTelemetry

The SigNoz team shows you how to use OpenTelemetry to observe an LLM application, including agent traces and guardrail failures... read more

Link

@devopslinks shared a link, 1 week ago

FAUN.dev()

How Google SRE is using agentic AI to improve operations

Google SRE authors argue that teams should use agentic AI across the reliability lifecycle and give agents clear controls and audit logs before they allow them to change production state... read more

Link

@devopslinks shared a link, 1 week ago

FAUN.dev()

Securing CI/CD for an open source project: Locking down dependencies

Cilium maintainers explain how they harden GitHub Actions and Go module dependencies with immutable references and trust checks during code review... read more

Link

@devopslinks shared a link, 1 week ago

FAUN.dev()

GitHub pulls pin on npm's auto-run scripts

GitHub plans to makenpm installskip dependency lifecycle scripts by default in npm 12. That affects scripts such as: preinstall, install, postinstall, prepare The security gain is clear. The migration risk sits with packages that depend on install-time work, such as native module builds, generated f.. read more

Link

@devopslinks shared a link, 1 week ago

FAUN.dev()

Grit: rewriting Git in Rust with agents

The creator of GitHub built Grit, a Rust reimplementation of Git as a library passing 99% of Git's test suite, paving the way for network efficient tools. But be cautious: while promising, Grit is not tested for production use and may still have bugs worth reporting for future improvements... read more

Story

@laura_garcia shared a post, 1 week, 1 day ago

Software Developer, RELIANOID

RELIANOID at 𝗩𝗶𝘃𝗮𝗧𝗲𝗰𝗵 𝟮𝟬𝟮𝟲

🚀 𝗩𝗶𝘃𝗮𝗧𝗲𝗰𝗵 𝟮𝟬𝟮𝟲 is bringing together the 𝗴𝗹𝗼𝗯𝗮𝗹 𝗶𝗻𝗻𝗼𝘃𝗮𝘁𝗶𝗼𝗻 ecosystem! From startups and investors to enterprises and technology leaders, VivaTech 2026 is the place to explore the 𝘭𝘢𝘵𝘦𝘴𝘵 𝘢𝘥𝘷𝘢𝘯𝘤𝘦𝘴 𝘪𝘯 𝘈𝘐, 𝘤𝘺𝘣𝘦𝘳𝘴𝘦𝘤𝘶𝘳𝘪𝘵𝘺, 𝘴𝘶𝘴𝘵𝘢𝘪𝘯𝘢𝘣𝘪𝘭𝘪𝘵𝘺, 𝘥𝘪𝘨𝘪𝘵𝘢𝘭 𝘴𝘰𝘷𝘦𝘳𝘦𝘪𝘨𝘯𝘵𝘺, 𝘢𝘯𝘥 𝘦𝘮𝘦𝘳𝘨𝘪𝘯𝘨 𝘵𝘦𝘤𝘩𝘯𝘰𝘭𝘰𝘨𝘪𝘦𝘴. 𝙍𝙀𝙇𝙄𝘼𝙉𝙊𝙄𝘿 is excite..

Story Trending

@vaibhavgupta shared a post, 1 week, 1 day ago

6+ Shadcn Register Sign Up Blocks Examples

#shadcn ... #shadcn ... #shadcn ... #shadcn #shadcn ...

The article showcases a collection of Shadcn/UI registration (sign-up) page blocks that developers can copy and customize for React/Next.js applications. The focus is on speeding up authentication UI development with modern, responsive, production-ready designs.

Story Trending

@laura_garcia shared a post, 1 week, 2 days ago

Software Developer, RELIANOID

𝗜𝗦𝗢/𝗜𝗘𝗖 𝟮𝟳𝟬𝟬𝟭 𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 𝗦𝘁𝗮𝘁𝗲𝗺𝗲𝗻𝘁

🔐 Security and compliance are at the core of everything we do at RELIANOID. Our 𝗜𝗦𝗢/𝗜𝗘𝗖 𝟮𝟳𝟬𝟬𝟭 𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 𝗦𝘁𝗮𝘁𝗲𝗺𝗲𝗻𝘁 outlines how our organization and load balancing platform align with the security principles and controls of the ISO/IEC 27001:2022 framework. Learn more in our Security Compliance page..

Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.