Content

Updates and recent posts about Sigstore.
Link
@pushpakraut shared a link, 1 month, 1 week ago

how i deployed a secure harbor registry with https on rke1 rke2 real production setup

Story
@laura_garcia shared a post, 1 month, 1 week ago
Software Developer, RELIANOID

CVE-2026-31431 ("Copy Fail")

CVE-2026-31431 ("Copy Fail"): A Linux kernel flaw enabling reliable root privilege escalation from local access.
- Affects most systems since ~2017
- High impact, stealthy exploitation
- Fix: Patch immediately & restrict AF_ALG if unused
- Mitigated in RELIANOID EE 8.6 and CE 7.10
- Technical tr..

Story
@alok00k shared a post, 1 month, 1 week ago

Why Functional Testing Is Still the Backbone of Software Quality

#Testing #functio... #AI #Test Au...

Functional testing ensures software behaves according to business and user requirements by validating complete workflows, APIs, and application behavior. As modern applications become more API-driven and distributed, functional testing plays a critical role in preventing broken user experiences and production failures. Automated functional testing integrated with CI/CD pipelines helps teams release software faster while maintaining reliability and quality.

Story
@koukibadr shared a post, 1 month, 1 week ago
Mobile Developer, Nventive

Localize Your Flutter App with Gemini

Why localize your app? Think about it, ignoring international users is like making a fire meme and forgetting to post it online - what's the point? But don't worry, we hear you screaming Fear not, for Gemini is here to be your Yoda in the localization swamp. We'll tackle all your app translation..

Activity
@ruchi-sharma created an organization Nimble AppGenie, 1 month, 2 weeks ago.
Story WrapPixel Team
@sanjayjoshi shared a post, 1 month, 2 weeks ago

8+ Best Shadcn Collapsible Component Examples for React & Next.js

Shadcn Collapsible components offer a flexible, non-interruptive way to manage secondary content in React and Next.js projects. Unlike accordions or dialogs, they keep users in context while reducing UI clutter. Key variations include sidebar menus, API key managers, and file trees, all of which benefit from Tailwind CSS styling and full ARIA accessibility.

Activity
@alihenryofficial started using tool SAP Commerce Cloud, 1 month, 2 weeks ago.
Activity
@alihenryofficial started using tool Google Publisher Tag, 1 month, 2 weeks ago.
Story
@laura_garcia shared a post, 1 month, 2 weeks ago
Software Developer, RELIANOID

๐—ฒ๐—ป๐—ฎ๐—ฏ๐—น๐—ฒ ๐—ฆ๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ฒ ๐—•๐—ผ๐—ผ๐˜ ๐—ถ๐—ป ๐—ฅ๐—˜๐—Ÿ๐—œ๐—”๐—ก๐—ข๐—œ๐—— ๐—˜๐—ป๐˜๐—ฒ๐—ฟ๐—ฝ๐—ฟ๐—ถ๐˜€๐—ฒ ๐—˜๐—ฑ๐—ถ๐˜๐—ถ๐—ผ๐—ป

๐—ฆ๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ฒ ๐—•๐—ผ๐—ผ๐˜ + ๐—ฅ๐—˜๐—Ÿ๐—œ๐—”๐—ก๐—ข๐—œ๐—— = ๐˜ด๐˜ต๐˜ณ๐˜ฐ๐˜ฏ๐˜จ๐˜ฆ๐˜ณ ๐˜ต๐˜ณ๐˜ถ๐˜ด๐˜ต from the very first instruction executed. Here's a practical guide on ๐—ต๐—ผ๐˜„ ๐˜๐—ผ ๐—ฒ๐—ป๐—ฎ๐—ฏ๐—น๐—ฒ ๐—ฆ๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ฒ ๐—•๐—ผ๐—ผ๐˜ ๐—ถ๐—ป ๐—ฅ๐—˜๐—Ÿ๐—œ๐—”๐—ก๐—ข๐—œ๐—— ๐—˜๐—ป๐˜๐—ฒ๐—ฟ๐—ฝ๐—ฟ๐—ถ๐˜€๐—ฒ ๐—˜๐—ฑ๐—ถ๐˜๐—ถ๐—ผ๐—ป using the standard shim + MOK approach. ๐Ÿ” Whatโ€™s inside: - Why Secure Boot canโ€™t be enabled on first install - Step-by-step MOK enr..

ย Activity
@sanjayjoshi gave ๐Ÿพ to How To Make a Fast Dynamic Language Interpreter , 1ย month, 2ย weeks ago.
Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, Sigstore removes many of the traditional barriers associated with code signing. Instead of requiring developers to manage long-lived private keys manually, Sigstore supports keyless signing, where signing identities are established dynamically through OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The Sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

Sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.