Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, Sigstore removes many of the traditional barriers associated with code signing. Instead of requiring signers to manage long-lived private keys, Sigstore supports keyless signing: the signer's identity is asserted by an OpenID Connect (OIDC) provider such as GitHub Actions, Google, or Microsoft, and a short-lived certificate is issued for that identity. This dramatically lowers operational complexity and reduces the risk of key compromise.

The sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

Sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.