Updates and recent posts about Sigstore..

Posts
Description

Link

@radhika_rv16 shared a link, 6 days, 20 hours ago

SRE, Writer

Platform Engineering: From Bash Scripts to AI-Powered Platforms — and What Comes Next

I once got a Slack message at 11pm: "hey, prod seems slow?" No runbook. No alert. Just me, SSH'd into a box, squinting at top output. That was platform engineering. Here's how far we've come — and where AI is taking us next.

Course

@eon01 published a course, 6 days, 21 hours ago

Founder, FAUN.dev

GitOps the Hard Way, with Argo CD

#Helm #gitops #Argo CD #gitlab #kuberne...

Build Real GitOps Pipelines From Empty Clusters to Automated Deploys

Story Trending

@laura_garcia shared a post, 1 week ago

Software Developer, RELIANOID

𝗥𝗘𝗟𝗜𝗔𝗡𝗢𝗜𝗗 𝗮𝘁 𝗟𝗼𝗻𝗱𝗼𝗻 𝗧𝗲𝗰𝗵 𝗪𝗲𝗲𝗸 𝟮𝟬𝟮𝟲

🚀 𝗝𝗼𝗶𝗻 𝗥𝗘𝗟𝗜𝗔𝗡𝗢𝗜𝗗 𝗮𝘁 𝗟𝗼𝗻𝗱𝗼𝗻 𝗧𝗲𝗰𝗵 𝗪𝗲𝗲𝗸 𝟮𝟬𝟮𝟲 📅 June 8–12, 2026 📍 London, United Kingdom London Tech Week brings together innovators, enterprises, startups, investors, and technology leaders to explore the future of AI, cybersecurity, cloud infrastructure, digital transformation, and emerging technologi..

Activity

@work4bots started using tool Spring , 1 week, 2 days ago.

Activity

@work4bots started using tool Helm , 1 week, 2 days ago.

Activity

@work4bots started using tool Azure Pipelines , 1 week, 2 days ago.

Activity

@work4bots started using tool Azure Kubernetes Service (AKS) , 1 week, 2 days ago.

Activity

@work4bots started using tool Azure , 1 week, 2 days ago.

Activity

@work4bots added a new tool Bicep , 1 week, 2 days ago.

Story FAUN.dev() Team Trending

@eon01 shared a post, 1 week, 2 days ago

Founder, FAUN.dev

AWX in Action is out, and there's a course

#red hat... #ansible #Tower #AWX

"AWX in Action: Ansible Orchestration at Scale" is now available in print and ebook. It covers running AWX on Kubernetes for real, not a sandbox demo that falls over the moment you add a second execution node.

Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, sigstore supports keyless signing, where identities are issued dynamically using OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.