Updates and recent posts about Sigstore..

Posts
Description

Link

@devopslinks shared a link, 1 month, 2 weeks ago

FAUN.dev()

The Software Development Lifecycle Is Dead

AI agents collapse the classicSDLC-requirements,design,implementation,testing,review,deployment- into an intent-driven loop. They generate code, tests, and pipelines together. They commit tomain. Automated verification runs. Deployment and release split withfeature flags... read more

Link

@devopslinks shared a link, 1 month, 2 weeks ago

FAUN.dev()

The Silent Failure of Reliability Metrics at Scale: Lessons Learned from a Decade of Broken Metrics

At scale, observability breaks whenSLIsand metrics mix different behaviors and lose clear meaning. Complexity grows: more event types, extra labels, and risingcardinality. That bloats queries, slows evaluation pipelines, and distortsPrometheus,PromQL, andElasticmetrics. Why this matters:Teams must t.. read more

Link

@devopslinks shared a link, 1 month, 2 weeks ago

FAUN.dev()

The Human Infrastructure: How Netflix Built the Operations Layer Behind Live at Scale

Netflix has massively scaled its live content, now streaming over nine shows per day with up to 17.9M peak viewers per game, thanks to a complex Broadcast Operations Center, strict transmission quality standards, and a tiered human operations model, including specialized engineering teams and dedica.. read more

News FAUN.dev() Team

@devopslinks shared an update, 1 month, 2 weeks ago

FAUN.dev()

Ubuntu's Next Chapter: Local AI, Confined Agents, and a Bet Against the Cloud-First OS

#Local A... #Inferen... #Snap #agentic... #Ubuntu

Ubuntu is getting local AI as a native capability over the next year, with inference snaps that install models like any other package, AI-powered accessibility features, and confined agentic workflows for both desktops and server fleets. Canonical is betting on open weight models, local-by-default inference, and snap confinement, a deliberate counter to the cloud-first AI direction Microsoft, Apple, and Google are taking with their operating systems.

Ubuntu's Next Chapter: Local AI, Confined Agents, and a Bet Against the Cloud-First OS

Activity

@devopslinks added a new tool Snap , 1 month, 2 weeks ago.

Activity

@kala added a new tool Ollama , 1 month, 2 weeks ago.

Story Keploy Team

@sancharini shared a post, 1 month, 2 weeks ago

Building Automated Regression Testing From Scratch: A Complete Walkthrough

Learn how to build automated regression testing from scratch in 4-6 weeks. Step-by-step walkthrough covering phases, implementation, tools, and avoiding mistakes.

Story

@elsie-rainee shared a post, 1 month, 2 weeks ago

Full Stack Engineer, WPWeb Infotech

Android Architecture: Components, Patterns & Best Practices Guide

Learn Android architecture with components, patterns, and best practices to build mobile apps that are scalable, easy to maintain, and high-performing.

Story

@viktoriiagolovtseva shared a post, 1 month, 2 weeks ago

Online event planning template

Planning a webinar, workshop, or team-wide event in Jira? You’re not alone. When you’re managing internal demos, customer-facing webinars, or company-wide town halls, event coordination takes effort and often involves stakeholders across departments.

Missed deadlines, unclear responsibilities, or last-minute changes can turn even a small event into a major time sink. But there’s good news: you can streamline your event workflows using the tools your team already uses.

Instead of juggling spreadsheets, emails, and calendar invites, create a customizable event planning template in Jira. It brings everything into one place, supports collaboration, and helps you keep track of dependencies, deliverables, and last-minute requests in real time.

Story

@viktoriiagolovtseva shared a post, 1 month, 2 weeks ago

Performance Review Template That Actually Works

Hiring the right person is only half the equation — helping them grow is the other

Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.