Updates and recent posts about Sigstore..

Posts
Description

Activity

@cristiandeluxe started using tool cPanel , 1 month ago.

Story

@laura_garcia shared a post, 1 month ago

Software Developer, RELIANOID

RELIANOID Live Demo

Behind every successful deployment, there’s a 𝗱𝗲𝗱𝗶𝗰𝗮𝘁𝗲𝗱 𝘁𝗲𝗮𝗺 𝘄𝗼𝗿𝗸𝗶𝗻𝗴 𝗰𝗹𝗼𝘀𝗲𝗹𝘆 𝘄𝗶𝘁𝗵 𝗰𝘂𝘀𝘁𝗼𝗺𝗲𝗿𝘀 to 𝙙𝙚𝙡𝙞𝙫𝙚𝙧 𝙩𝙝𝙚 𝙧𝙞𝙜𝙝𝙩 𝙨𝙤𝙡𝙪𝙩𝙞𝙤𝙣 𝙖𝙩 𝙩𝙝𝙚 𝙧𝙞𝙜𝙝𝙩 𝙩𝙞𝙢𝙚. Today’s 𝗹𝗶𝘃𝗲 𝗱𝗲𝗺𝗼 𝘀𝗲𝘀𝘀𝗶𝗼𝗻 is a great example of how our engineers go beyond technology — providing 𝗵𝗮𝗻𝗱𝘀-𝗼𝗻 𝗲𝘅𝗽𝗲𝗿𝘁𝗶𝘀𝗲, 𝗿𝗲𝗮𝗹-𝘁𝗶𝗺𝗲 𝗴𝘂𝗶𝗱𝗮𝗻𝗰𝗲, and a 𝗳𝘂𝗹𝗹𝘆 𝗽𝗲𝗿𝘀𝗼𝗻𝗮..

Story

@laura_garcia shared a post, 1 month ago

Software Developer, RELIANOID

𝗖𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗜𝗻𝗰𝗶𝗱𝗲𝗻𝘁𝘀 𝗶𝗻 𝘁𝗵𝗲 𝗜𝗻𝗱𝘂𝘀𝘁𝗿𝗶𝗮𝗹 𝗦𝗲𝗰𝘁𝗼𝗿

🚨 𝗖𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗜𝗻𝗰𝗶𝗱𝗲𝗻𝘁𝘀 𝗶𝗻 𝘁𝗵𝗲 𝗜𝗻𝗱𝘂𝘀𝘁𝗿𝗶𝗮𝗹 𝗦𝗲𝗰𝘁𝗼𝗿 🚨 According to recent industry reports, 2025 saw a significant rise in high-severity cyber incidents across critical sectors: 🔹 IT: 23% 🔹 Government: 18% 🔹 Industrial: 18% The industrial and food sectors are becoming increasingly attractive..

high-severity incident per industries graph

Activity

@sanjayaalpha859 started using tool Azure Pipelines , 1 month ago.

Activity

@sanjayaalpha859 started using tool AccessTrade , 1 month ago.

Story

@laura_garcia shared a post, 1 month ago

Software Developer, RELIANOID

𝗗𝗲𝘃𝗗𝗮𝘆𝘀 • 𝗗𝗲𝘃𝗢𝗽𝘀 𝗣𝗿𝗼 • 𝗖𝘆𝗯𝗲𝗿𝗪𝗶𝘀𝗲𝗖𝗼𝗻 𝗘𝘂𝗿𝗼𝗽𝗲

🚀 𝗗𝗲𝘃𝗗𝗮𝘆𝘀 • 𝗗𝗲𝘃𝗢𝗽𝘀 𝗣𝗿𝗼 • 𝗖𝘆𝗯𝗲𝗿𝗪𝗶𝘀𝗲𝗖𝗼𝗻 𝗘𝘂𝗿𝗼𝗽𝗲 𝘛𝘩𝘳𝘦𝘦 𝘤𝘰𝘯𝘧𝘦𝘳𝘦𝘯𝘤𝘦𝘴. 𝘖𝘯𝘦 𝘦𝘤𝘰𝘴𝘺𝘴𝘵𝘦𝘮. 𝘜𝘯𝘭𝘪𝘮𝘪𝘵𝘦𝘥 𝘪𝘯𝘯𝘰𝘷𝘢𝘵𝘪𝘰𝘯. From May 19–22, 2026, 𝗥𝗘𝗟𝗜𝗔𝗡𝗢𝗜𝗗 will join the unified experience of 𝗗𝗲𝘃𝗗𝗮𝘆𝘀, 𝗗𝗲𝘃𝗢𝗽𝘀 𝗣𝗿𝗼, and 𝗖𝘆𝗯𝗲𝗿𝗪𝗶𝘀𝗲𝗖𝗼𝗻 𝗘𝘂𝗿𝗼𝗽𝗲 in Vilnius. A unique event bringing together developers, DevOps engineers, cybersecu..

devdays_devops_pro_cyberwisecon_europe_vilnius_2026_relianoid

Activity

@harshilmalvi started using tool Microsoft Power Platform , 1 month ago.

Activity

@harshilmalvi started using tool CloudSuite , 1 month ago.

Activity

@mashka posted an event AI Is Already Inside Your SDLC. Now What? by Xygeni , 1 month ago.

Link

@mfahlandt shared a link, 1 month ago

Customer Delivery Architect, Kubermatic

Last Week in Cloud Native

Last Week in Cloud Native (LWCN) is a weekly newsletter dedicated to keeping the Cloud Native community informed about the latest releases, news, and developments in the CNCF ecosystem.

📅 Published: every Monday

🌍 Language: English

💶 Price: free, no paywall

🧑‍💻 Publisher: Mario Fahlandt

We believe staying current with the rapidly evolving Cloud Native landscape shouldn’t require hours of research. LWCN distills the most important updates from across the ecosystem into a concise, actionable weekly digest — written in a neutral, journalistic tone, with no marketing fluff.

Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.