Join us

ContentUpdates and recent posts about Sigstore..
ย Activity
adrian_schmidt
@adrian_schmidt started using tool Express , 5ย days, 13ย hours ago.
ย Activity
adrian_schmidt
@adrian_schmidt started using tool AWS Lambda , 5ย days, 13ย hours ago.
ย Activity
adrian_schmidt
@adrian_schmidt started using tool Amazon Web Services , 5ย days, 13ย hours ago.
ย Activity
adrian_schmidt
@adrian_schmidt started using tool Amazon SES , 5ย days, 13ย hours ago.
ย Activity
adrian_schmidt
@adrian_schmidt started using tool Amazon S3 , 5ย days, 13ย hours ago.
ย Activity
adrian_schmidt
@adrian_schmidt started using tool Amazon EC2 , 5ย days, 13ย hours ago.
ย Activity
adrian_schmidt
@adrian_schmidt started using tool Amazon Cloudfront , 5ย days, 13ย hours ago.
ย Activity
adrian_schmidt
@adrian_schmidt started using tool Amazon ALB , 5ย days, 13ย hours ago.
Story
laura_garcia
@laura_garcia shared a post, 5ย days, 14ย hours ago
Software Developer, RELIANOID

๐—•๐—ฒ๐˜๐˜ ๐—•๐—ฟ๐—ฎ๐˜€๐—ถ๐—น ๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿฒ

๐Ÿ“ Sรฃo Paulo, Brazil ๐Ÿ“… May 5โ€“8, 2026 ๐—ฅ๐—˜๐—Ÿ๐—œ๐—”๐—ก๐—ข๐—œ๐—— is heading to ๐—•๐—ฒ๐˜๐˜ ๐—•๐—ฟ๐—ฎ๐˜€๐—ถ๐—น ๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿฒ โ€” ๐˜ต๐˜ฉ๐˜ฆ ๐˜ญ๐˜ข๐˜ณ๐˜จ๐˜ฆ๐˜ด๐˜ต ๐˜Œ๐˜ฅ๐˜›๐˜ฆ๐˜ค๐˜ฉ ๐˜ฆ๐˜ท๐˜ฆ๐˜ฏ๐˜ต ๐˜ช๐˜ฏ ๐˜“๐˜ข๐˜ต๐˜ช๐˜ฏ ๐˜ˆ๐˜ฎ๐˜ฆ๐˜ณ๐˜ช๐˜ค๐˜ข. ๐Ÿš€ 46,000+ professionals ๐Ÿ’ก 270+ companies ๐ŸŒ One shared goal: transforming education Letโ€™s talk about secure, scalable, and high-performance digital learning. ๐Ÿ‘‰ See you at Expo Cen..

bett_brazil_sao_paulo_2026_relianoid
372 views ย 
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
Link
koukibadr
@koukibadr shared a link, 5ย days, 15ย hours ago
Mobile Developer, Nventive

LiveData vs StateFlow

LiveData and StateFlow both stream data reactively, but differ in two key ways:

Initialization โ€” LiveData needs no initial value; StateFlow requires one.

Lifecycle โ€” LiveData is lifecycle-aware by default; StateFlow is not, so you need to wrap it in repeatOnLifecycle to avoid memory leaks.

Code templating
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.