
Updates and recent posts about Sigstore.
@devopslinks shared a link, 2 weeks, 1 day ago
FAUN.dev()

From Paging to Postmortem: Google Cloud SREs on Using Gemini CLI for Outage Response

Google Cloud SREs just leveled up their incident response game with the Gemini CLI - an LLM-fueled terminal sidekick built on Gemini 3. It jumps in fast: drafts mitigation playbooks, digs into root causes, and cranks out postmortem reports. All with human-in-the-loop guardrails to keep things sane.

News FAUN.dev() Team Trending
@kala shared an update, 2 weeks, 1 day ago

GitHub Launches Copilot SDK to Embed Agentic AI into Any Application

GitHub Copilot GitHub Copilot SDK

GitHub has released the Copilot SDK in technical preview, allowing developers to embed Copilot’s agentic execution loop into their own applications. The SDK supports multiple AI models, real-time streaming, and languages like Python, TypeScript, Go, and .NET, but currently requires a Copilot subscription and is intended for development and testing rather than production use.

@varbear shared an update, 2 weeks, 1 day ago

VillageSQL Launches: A Drop-In MySQL Fork Bringing Extensions and AI to the Core

MySQL VillageSQL

VillageSQL is a drop-in, open-source fork of MySQL that introduces a true extension framework, enabling permissionless innovation for AI-era workloads. It allows developers to add custom data types and functions - with vector indexing and search on the roadmap - bringing MySQL closer to PostgreSQL-style extensibility without waiting for core upstream changes.

@devopslinks shared an update, 2 weeks, 1 day ago

MinIO Ends Community Development, Positions AIStor as the Future

MinIO AIStor

MinIO has marked its open-source GitHub repository as "THIS REPOSITORY IS NO LONGER MAINTAINED," effectively ending active community development. The company is shifting focus to AIStor, its subscription-based enterprise object storage platform. The code remains available under AGPLv3, but future innovation and support are centered on the commercial product.

Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.