FAUN.dev()

Updates and recent posts about Sigstore.
Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, Sigstore removes many of the traditional barriers to code signing. Instead of provisioning and protecting long-lived private keys, Sigstore supports keyless signing: the signer authenticates to an OpenID Connect (OIDC) provider such as GitHub Actions, Google, or Microsoft, generates an ephemeral key pair, and receives a short-lived certificate that binds that key to the OIDC identity. The private key is discarded once the signature is made, so there is nothing long-lived to leak, rotate, or revoke. The trade-off is that trust moves to the identity provider and to the verifier's policy: a valid Sigstore signature proves that someone holding a token for that identity signed the artifact, so the verifier must pin the identity and issuer it expects rather than accept any certificate Fulcio will issue.

The sigstore ecosystem is composed of several key components:

- Cosign: The CLI for signing, verifying, and attesting container images and other artifacts. For images, the signature is pushed to the same OCI registry as a separate object addressed by the image digest (cosign uses the tag `sha256-<digest>.sig`), so the image itself is not modified and its digest does not change.

- Fulcio: A certificate authority that exchanges an OIDC token, plus proof of possession of the ephemeral public key, for a short-lived X.509 code-signing certificate (valid for about ten minutes). The certificate records the OIDC identity in the subject alternative name and the OIDC issuer in a Sigstore-specific extension; verifiers check both.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident Merkle tree, giving public auditability and a way to detect suspicious or unauthorized signing activity. Each entry carries a signed timestamp from Rekor, which is what lets a verifier accept a signature long after its ten-minute certificate has expired: the check is that the entry was logged while the certificate was valid, not that the certificate is valid now.

Together, these components let anyone verify which OIDC identity signed an artifact, when the signature was logged, and that the bytes have not changed since, using publicly verifiable cryptographic proofs. A signature alone says who signed, not how the artifact was built; build provenance is a separate signed attestation (produced with `cosign attest`), which is where SLSA (Supply-chain Levels for Software Artifacts) provenance fits. In practice, `cosign verify` requires `--certificate-identity` and `--certificate-oidc-issuer` (or their `-regexp` variants) to be set to the expected values; a permissive regexp such as `.*` defeats the purpose of keyless signing.
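The keyless flow and verification policy described above, as an added example that is not Sigstore's, Fulcio's, or cosign's own code and uses only the Go standard library. Its assumptions: a self-signed P-256 CA stands in for the Fulcio root, the `integratedTime` argument stands in for the time in Rekor's signed entry timestamp (no Merkle inclusion proof is checked), the issuer is carried in the raw-string form of Fulcio's original extension OID 1.3.6.1.4.1.57264.1.1, and the identity, issuer URL, and artifact bytes are constructed sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Fulcio's original issuer extension: the OIDC issuer URL as a raw string under this OID.
var oidIssuer = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 57264, 1, 1}
func newCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil { // self-signed
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// newCA stands in for the Fulcio root (assumption: one self-signed CA valid for a day).
func newCA(now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return newCert(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "toy-fulcio-root"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}, nil, nil)
}

// issueCert models keyless signing: a fresh key gets a ten-minute code-signing certificate whose email SAN is the OIDC identity and whose extension names the issuer.
func issueCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, identity, issuer string, at time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return newCert(&x509.Certificate{
		SerialNumber:    big.NewInt(2),
		NotBefore:       at,
		NotAfter:        at.Add(10 * time.Minute),
		ExtKeyUsage:     []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
		EmailAddresses:  []string{identity},
		ExtraExtensions: []pkix.Extension{{Id: oidIssuer, Value: []byte(issuer)}},
	}, ca, caKey)
}

func sign(key *ecdsa.PrivateKey, artifact []byte) ([]byte, error) {
	digest := sha256.Sum256(artifact) // the ephemeral key is dropped after this one signature
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// verify applies the verifier's policy. integratedTime stands in for Rekor's signed entry timestamp: the chain is checked as of that moment, not the wall clock, so an expired ten-minute certificate still verifies if it was valid when logged.
func verify(root, cert *x509.Certificate, sig, artifact []byte, wantIdentity, wantIssuer string, integratedTime time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: integratedTime, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}}); err != nil {
		return fmt.Errorf("certificate not valid at integrated time: %w", err)
	}
	// Pin identity and issuer; without this, any identity Fulcio will certify would pass.
	if len(cert.EmailAddresses) != 1 || cert.EmailAddresses[0] != wantIdentity {
		return fmt.Errorf("signer identity %q does not match policy", cert.EmailAddresses)
	}
	issuer := ""
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(oidIssuer) {
			issuer = string(ext.Value)
		}
	}
	if issuer != wantIssuer {
		return fmt.Errorf("OIDC issuer %q does not match policy", issuer)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(artifact)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return fmt.Errorf("signature does not cover this artifact")
	}
	return nil
}

func main() {
	now := time.Now()
	caCert, caKey, _ := newCA(now) // this demo main ignores errors
	leafCert, leafKey, _ := issueCert(caCert, caKey, "release@example.com", "https://accounts.google.com", now)
	sig, _ := sign(leafKey, []byte("constructed artifact bytes")) // constructed sample input
	fmt.Println(verify(caCert, leafCert, sig, []byte("constructed artifact bytes"), "release@example.com", "https://accounts.google.com", now.Add(time.Hour)))
}
```

Two points worth taking from it: chain validation happens as of the log's integrated time, which is what makes a ten-minute certificate usable long after it expires, and the identity and issuer checks are policy the verifier supplies, not something chain validation gives you; in cosign that policy is the `--certificate-identity` and `--certificate-oidc-issuer` flags.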

Sigstore is widely adopted in the cloud-native ecosystem and integrates with Kubernetes admission controllers, container registries, CI/CD pipelines, and package managers (npm provenance and PyPI attestations are both Sigstore-backed). It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly treated as a baseline requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.