Join us

ContentUpdates and recent posts about Sigstore..
 Activity
varbear
@varbear added a new tool npm , 4 months, 3 weeks ago.
 Activity
devopslinks
@devopslinks added a new tool GitHub , 4 months, 3 weeks ago.
Story
laura_garcia
@laura_garcia shared a post, 4 months, 3 weeks ago
Software Developer, RELIANOID

𝘐𝘯 𝘤𝘢𝘴𝘦 𝘺𝘰𝘶 𝘮𝘪𝘴𝘴𝘦𝘥 𝘪𝘵: Europe’s skies disrupted

Cyberattack on Collins Aerospace’s MUSE platform We shared this analysis a few months ago, but given the relevance of the topic and the growing impact of cyberattacks on critical infrastructure, it’s definitely worth resurfacing. The incident forced major airports like Heathrow, Brussels, and Berlin..

592 views  
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
News FAUN.dev() Team Trending
kala
@kala shared an update, 4 months, 3 weeks ago
FAUN.dev()

DeepSeekMath-V2 Launches with 685B Parameters - Dominates Math Contests

#DeepSee...  #AI mode...  #Machine...  #Mathema... 
DeepSeekMath-V2

DeepSeekMath-V2, an AI model with 685 billion parameters, excels in mathematical reasoning and achieves top scores in major competitions, now available open source for research and commercial use.

DeepSeekMath-V2 Launches with 685B Parameters - Dominates Math Contests
1k views  
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
Link
anjali
@anjali shared a link, 4 months, 3 weeks ago
Customer Marketing Manager, Last9

9 Monitoring Tools That Deliver AI-Native Anomaly Detection

A technical guide comparing nine observability platforms built to detect anomalies and support modern AI-driven workflows.

anamoly_detection
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
 Activity
kala
@kala added a new tool DeepSeekMath-V2 , 4 months, 3 weeks ago.
News FAUN.dev() Team
kala
@kala shared an update, 4 months, 3 weeks ago
FAUN.dev()

A New Challenger: INTELLECT-3's 100B Parameters Punch Above Their Weight

#LLMs  #INTELLE...  #Mixture...  #PRIME-R...  #Reinfor... 
Ansible Lustre Slurm INTELLECT-3

INTELLECT-3, a 100B+ parameter model, sets new benchmarks in AI, with open-sourced training components to foster research in reinforcement learning.

A New Challenger: INTELLECT-3's 100B Parameters Punch Above Their Weight
866 views  
Share: Twitter

|

Linkedin

|

Facebook

|

Pocket

|

Reddit

|

Hacker News

|

Email
 Activity
kala
@kala added a new tool INTELLECT-3 , 4 months, 3 weeks ago.
 Activity
devopslinks
@devopslinks added a new tool Lustre , 4 months, 3 weeks ago.
 Activity
varbear
@varbear added a new tool Slurm , 4 months, 3 weeks ago.
Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.