Sigstore is an open source initiative designed to make software artifact signing and verification simple, automatic, and widely accessible. Its primary goal is to improve software supply chain security by enabling developers and organizations to cryptographically prove the origin and integrity of the software they build and distribute.

At its core, Sigstore removes many of the traditional barriers associated with code signing. Instead of managing long-lived private keys manually, Sigstore supports keyless signing, where the signer's identity is established dynamically through OpenID Connect (OIDC) providers such as GitHub Actions, Google, or Microsoft. This dramatically lowers operational complexity and reduces the risk of key compromise.

The Sigstore ecosystem is composed of several key components:

- Cosign: A tool for signing, verifying, and storing signatures for container images and other artifacts. Signatures are stored alongside artifacts in OCI registries, rather than embedded in them.

- Fulcio: A certificate authority that issues short-lived X.509 certificates based on OIDC identities, enabling keyless signing.

- Rekor: A transparency log that records signing events in an append-only, tamper-evident ledger. This provides public auditability and detection of suspicious or malicious signing activity.

Together, these components allow anyone to verify who built an artifact, when it was built, and whether it has been tampered with, using publicly verifiable cryptographic proofs. This aligns closely with modern supply chain security practices such as SLSA (Supply-chain Levels for Software Artifacts).

Sigstore is widely adopted in the cloud-native ecosystem and integrates with tools like Kubernetes, container registries, CI/CD pipelines, and package managers. It is commonly used to sign container images, Helm charts, binaries, and SBOMs, and is increasingly becoming a baseline security requirement for production software delivery.

The project is governed by the OpenSSF (Open Source Security Foundation) and supported by major industry players.