Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, Sigstore removes many of the traditional barriers associated with code signing. Instead of requiring long-lived private keys to be generated, stored, and rotated manually, Sigstore supports keyless signing, in which a short-lived signing certificate is issued dynamically on the strength of an OpenID Connect (OIDC) identity from providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise, since there is no long-lived key to steal.

The sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).
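The flow described above, as an added Go sketch that is not code from the Sigstore project: a stand-in Fulcio root issues a ten-minute certificate binding an OIDC identity to an ephemeral key, a toy Rekor entry records the signature and the time the log saw it, and the verifier applies the policy that `cosign verify` expects, pinning the expected identity and issuer and judging certificate validity at log time rather than accepting any certificate the CA ever issued. The root CA, the e-mail identity, the issuer URL and the artifact bytes are all constructed for this example; the issuer extension OID is Fulcio's original one.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"math/big"
	"time"
)
// Fulcio's certificate extension that carries the OIDC issuer URL (its value is the raw string).
var oidIssuer = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 57264, 1, 1}
// Entry is a toy Rekor record: the signature, the signing certificate, and when the log saw it.
type Entry struct{ Sig, CertDER []byte; LoggedAt time.Time }
// NewRoot builds a self-signed CA standing in for the Fulcio root (constructed for this example).
func NewRoot() (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example fulcio root"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil { return nil, nil, err }
	root, err := x509.ParseCertificate(der)
	return root, key, err
}
// SignKeyless plays cosign talking to Fulcio and Rekor: make an ephemeral key, obtain a ten-minute
// certificate binding the OIDC identity (email + issuer) to it, sign, log the result, then drop the key.
func SignKeyless(root *x509.Certificate, caKey ed25519.PrivateKey, artifact []byte, email, issuer string) (Entry, error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), EmailAddresses: []string{email},
		NotBefore: time.Now(), NotAfter: time.Now().Add(10 * time.Minute), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtraExtensions: []pkix.Extension{{Id: oidIssuer, Value: []byte(issuer)}}}
	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, root, pub, caKey)
	return Entry{Sig: ed25519.Sign(key, artifact), CertDER: certDER, LoggedAt: time.Now()}, err
}
// Verify mirrors `cosign verify --certificate-identity X --certificate-oidc-issuer Y`: the certificate must be
// issued by the root, valid when Rekor logged it (not now: it expired minutes later), name exactly the expected
// identity and issuer, and the signature must cover this artifact. Skipping the identity/issuer pin would accept any cert.
func Verify(root *x509.Certificate, e Entry, artifact []byte, wantEmail, wantIssuer string) error {
	cert, err := x509.ParseCertificate(e.CertDER)
	if err != nil { return err }
	if err := cert.CheckSignatureFrom(root); err != nil { return err }
	if e.LoggedAt.Before(cert.NotBefore) || e.LoggedAt.After(cert.NotAfter) { return errors.New("cert not valid at log time") }
	issuer := ""
	for _, ext := range cert.Extensions { if ext.Id.Equal(oidIssuer) { issuer = string(ext.Value) } }
	if len(cert.EmailAddresses) != 1 || cert.EmailAddresses[0] != wantEmail || issuer != wantIssuer {
		return errors.New("certificate identity or OIDC issuer does not match the verification policy")
	}
	if !ed25519.Verify(cert.PublicKey.(ed25519.PublicKey), artifact, e.Sig) { return errors.New("signature does not cover this artifact") }
	return nil
}
```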

Sigstore is widely adopted in the cloud-native ecosystem and integrates with tools such as Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.