Hacker News
- Sigstore - A new standard for signing, verifying and protecting software https://www.sigstore.dev/ 27 comments
- Sigstore – A new standard for signing, verifying and protecting software https://sigstore.dev 79 comments
Linking pages
- It’s ten o’clock, do you know where your private keys are? | by Asra Ali | sigstore https://blog.sigstore.dev/its-ten-o-clock-do-you-know-where-your-private-keys-are-5c869cf53234 98 comments
- ko: Easy Go Containers https://ko.build/ 71 comments
- Open source is not insecure | InfoWorld https://www.infoworld.com/article/3714445/open-source-is-not-insecure.html#tk.rss_security 71 comments
- Don't trust your logs! Implementing a Merkle tree for an Immutable Verifiable Log (in Go) https://aly.arriqaaq.com/merkle-tree-and-verifiable-data-structures/ 65 comments
- We sign code now | Trail of Bits Blog https://blog.trailofbits.com/2022/11/08/sigstore-code-signing-verification-software-supply-chain/ 65 comments
- Have we reached a point of no return on managing software dependencies? · Paolo Mainardi https://www.paolomainardi.com/posts/point-of-no-return-on-managing-software-dependencies/ 64 comments
- JSR Is Not Another Package Manager https://deno.com/blog/jsr-is-not-another-package-manager 63 comments
- GitHub - 1Password/1password-teams-open-source: Get a free 1Password Teams membership for your open source project https://github.com/1Password/1password-teams-open-source 59 comments
- Adding build provenance to Homebrew | Trail of Bits Blog https://blog.trailofbits.com/2023/11/06/adding-build-provenance-to-homebrew/ 46 comments
- How we built JSR https://deno.com/blog/how-we-built-jsr 40 comments
- GitHub - edgelesssys/constellation: Constellation is the first Confidential Kubernetes. Constellation shields entire Kubernetes clusters from the (cloud) infrastructure using confidential computing. https://github.com/edgelesssys/constellation 38 comments
- Kubernetes 1.24 - What's new? - New features and deprecations https://sysdig.com/blog/kubernetes-1-24-whats-new/ 19 comments
- Kubernetes signals massive adoption of Sigstore for protecting open source ecosystem | by Dan Lorenc | sigstore https://blog.sigstore.dev/kubernetes-signals-massive-adoption-of-sigstore-for-protecting-open-source-ecosystem-73a6757da73 11 comments
- GitHub - symfony-cli/symfony-cli: The Symfony CLI tool https://github.com/symfony-cli/symfony-cli 11 comments
- Shared success in building a safer open source community https://blog.google/technology/safety-security/shared-success-in-building-a-safer-open-source-community/ 10 comments
- Sigstore: A New Tool Wants to Save Open Source From Supply Chain Attacks (WIRED) - Linux.com https://www.linux.com/news/sigstore-a-new-tool-wants-to-save-open-source-from-supply-chain-attacks-wired/ 8 comments
- GitHub - chainloop-dev/chainloop: Chainloop is an open source software supply chain control plane, a single source of truth for artifacts plus a declarative attestation crafting process. https://github.com/chainloop-dev/chainloop 8 comments
- Policy CLI - “docker” for your OPA policies | Open Policy Registry https://www.openpolicyregistry.io/blog/docker-workflow-for-opa/ 7 comments
- GitHub - sigstore/sigstore-python: A Sigstore client in Python https://github.com/sigstore/sigstore-python 7 comments
- Spin 1.0 — The Developer Tool for Serverless WebAssembly | Fermyon • Experience the next wave of cloud computing. https://www.fermyon.com/blog/introducing-spin-v1 7 comments