Linking pages
- Reproducible builds for Debian: a big step forward | Qubes OS https://www.qubes-os.org/news/2021/10/08/reproducible-builds-for-debian-a-big-step-forward/ 92 comments
- Adding build provenance to Homebrew | Trail of Bits Blog https://blog.trailofbits.com/2023/11/06/adding-build-provenance-to-homebrew/ 46 comments
- GitHub - chainloop-dev/chainloop: Chainloop is an open source software supply chain control plane, a single source of truth for artifacts plus a declarative attestation crafting process. https://github.com/chainloop-dev/chainloop 8 comments
- In-toto: providing farm-to-table guarantees for bits and bytes | the morning paper https://blog.acolyer.org/2019/10/02/in-toto/ 4 comments
- GitHub - chainguard-dev/ssc-reading-list: A reading list for software supply-chain security. https://github.com/chainguard-dev/ssc-reading-list 3 comments
- Improvements in testing and building: GitLab CI and reproducible builds | Qubes OS https://www.qubes-os.org/news/2021/02/28/improvements-in-testing-and-building/ 1 comment
- Reproducible MirageOS unikernel builds https://hannes.nqsb.io/Posts/ReproducibleOPAM 1 comment
- Software Supply Chains & The Modern Challenges | by Tanmay Deshpande | ITNEXT https://itnext.io/software-supply-chains-the-modern-challenges-e2d9e1ea8f6 0 comments
- Results of the 2019 AWS Container Security Survey | Containers https://aws.amazon.com/blogs/containers/results-of-the-2019-aws-container-security-survey/ 0 comments
- How to Sign a Release of OSS. A practical guide | by Dan Lorenc | sigstore https://dlorenc.medium.com/how-to-sign-a-release-of-oss-e96ee94286fc 0 comments
- Zero Trust Supply Chain Security. This post accompanies a talk I just… | by Dan Lorenc | Medium https://dlorenc.medium.com/zero-trust-supply-chain-security-e3fb8b6973b8 0 comments
- Signature Formats. Envelopes and Wrappers and Formats, Oh… | by Dan Lorenc | Medium https://dlorenc.medium.com/signature-formats-9b7b2a127473 0 comments
- GitHub - sigstore/cosign: Container Signing https://github.com/sigstore/cosign 0 comments
- GitHub - fabacab/awesome-cybersecurity-blueteam: 🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams. https://github.com/meitar/awesome-cybersecurity-blueteam 0 comments
- Sigstore June Update! - Sigstore Blog https://blog.sigstore.dev/sigstore-june-update-6b9c52f86e9d 0 comments
- OCI as attestations storage for your packages - Marco Franssen https://marcofranssen.nl/oci-as-attestations-storage-for-your-packages 0 comments
- cnab-spec/300-CNAB-security.md at cnab-security-1.0.0-ga · cnabio/cnab-spec · GitHub https://github.com/cnabio/cnab-spec/blob/cnab-security-1.0.0-ga/300-CNAB-security.md 0 comments
- On business adoption and use of reproducible builds for open and closed source software | SpringerLink https://link.springer.com/article/10.1007/s11219-022-09607-z 0 comments
- Signatus, ergo securus? Who can sign what with TUF and Sigstore | by Zachary Newman | Dec, 2022 | sigstore https://blog.sigstore.dev/signatus-ergo-securus-who-can-sign-what-with-tuf-and-sigstore-ea4d3d84b8b6 0 comments
- Unleashing in-toto: The API of DevSecOps | Cloud Native Computing Foundation https://www.cncf.io/blog/2023/08/17/unleashing-in-toto-the-api-of-devsecops/ 0 comments
Related searches:
Search whole site: site:in-toto.io
Search title: in-toto | A framework to secure the integrity of software supply chains
See how to search.