Tag: security

• PyPI's Sigstore-powered attestations are now generally available
• cosign Verification of npm Provenance, GitHub Artifact Attestations, and Homebrew Provenance
• Homebrew's Sigstore-powered provenance is in beta
• npm's Sigstore-powered provenance goes GA
• Sigstore Support in npm launches for Public Beta
• Cosign 2.0 Released!
• Cosign and Policy-controller with GKE, Artifact Registry and KMS
• Sigstore January Roundup
• Sigstore December Roundup
• Using Sigstore to meet FedRAMP Compliance at Autodesk
• How Sigstore quickly patched an upstream vulnerability
• Adopting Sigstore Incrementally
• Sigstore: Bring-your-own sTUF with TUF
• Spooky Updates for Sigstore!
• Sigstore project update — September 2021
• Sigstore Project Update — August 2021
• It’s ten o’clock, do you know where your private keys are?
• Cosign 1.0!
• Sigstore June Update!
• A New Kind of Trust Root
• The Update Framework and You
• How to Sign a Release of OSS
• Cosign Image Signatures
• Cosign — Signed Container Images
• SSH is the new GPG